Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tbb-2020.3/examples/GettingStarted/sub_string_finder/sub_string_finder.cpp Examining data/tbb-2020.3/examples/GettingStarted/sub_string_finder/sub_string_finder_extended.cpp Examining data/tbb-2020.3/examples/GettingStarted/sub_string_finder/sub_string_finder_pretty.cpp Examining data/tbb-2020.3/examples/common/gui/convideo.cpp Examining data/tbb-2020.3/examples/common/gui/d2dvideo.cpp Examining data/tbb-2020.3/examples/common/gui/gdivideo.cpp Examining data/tbb-2020.3/examples/common/gui/macvideo.cpp Examining data/tbb-2020.3/examples/common/gui/video.h Examining data/tbb-2020.3/examples/common/gui/winvideo.h Examining data/tbb-2020.3/examples/common/gui/xcode/tbbExample/OpenGLView.h Examining data/tbb-2020.3/examples/common/gui/xcode/tbbExample/tbbAppDelegate.h Examining data/tbb-2020.3/examples/common/gui/xvideo.cpp Examining data/tbb-2020.3/examples/common/utility/fast_random.h Examining data/tbb-2020.3/examples/common/utility/get_default_num_threads.h Examining data/tbb-2020.3/examples/common/utility/utility.h Examining data/tbb-2020.3/examples/concurrent_hash_map/count_strings/count_strings.cpp Examining data/tbb-2020.3/examples/concurrent_priority_queue/shortpath/shortpath.cpp Examining data/tbb-2020.3/examples/graph/binpack/binpack.cpp Examining data/tbb-2020.3/examples/graph/cholesky/cholesky.cpp Examining data/tbb-2020.3/examples/graph/cholesky/init.cpp Examining data/tbb-2020.3/examples/graph/dining_philosophers/dining_philosophers.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/blocksort.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/bzlib.h Examining data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h Examining data/tbb-2020.3/examples/graph/fgbzip2/compress.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/crctable.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/decompress.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/fgbzip2.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/huffman.cpp Examining data/tbb-2020.3/examples/graph/fgbzip2/randtable.cpp Examining data/tbb-2020.3/examples/graph/logic_sim/D_latch.h Examining data/tbb-2020.3/examples/graph/logic_sim/basics.h Examining data/tbb-2020.3/examples/graph/logic_sim/four_bit_adder.h Examining data/tbb-2020.3/examples/graph/logic_sim/one_bit_adder.h Examining data/tbb-2020.3/examples/graph/logic_sim/test_all.cpp Examining data/tbb-2020.3/examples/graph/logic_sim/two_bit_adder.h Examining data/tbb-2020.3/examples/graph/som/som.cpp Examining data/tbb-2020.3/examples/graph/som/som.h Examining data/tbb-2020.3/examples/graph/som/som_graph.cpp Examining data/tbb-2020.3/examples/graph/stereo/lodepng.cpp Examining data/tbb-2020.3/examples/graph/stereo/lodepng.h Examining data/tbb-2020.3/examples/graph/stereo/stereo.cpp Examining data/tbb-2020.3/examples/graph/stereo/utils.h Examining data/tbb-2020.3/examples/parallel_do/parallel_preorder/Graph.cpp Examining data/tbb-2020.3/examples/parallel_do/parallel_preorder/Graph.h Examining data/tbb-2020.3/examples/parallel_do/parallel_preorder/Matrix.h Examining data/tbb-2020.3/examples/parallel_do/parallel_preorder/main.cpp Examining data/tbb-2020.3/examples/parallel_do/parallel_preorder/parallel_preorder.cpp Examining data/tbb-2020.3/examples/parallel_for/game_of_life/msvs/resource.h Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/AssemblyInfo.cpp Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/Board.h Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/Evolution.cpp Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/Evolution.h Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/Form1.h Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/Game_of_life.cpp Examining data/tbb-2020.3/examples/parallel_for/game_of_life/src/Update_state.cpp Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/msvs/resource.h Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/polymain.cpp Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/polymain.h Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/polyover.cpp Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/polyover.h Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/pover_global.h Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/pover_video.cpp Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/pover_video.h Examining data/tbb-2020.3/examples/parallel_for/polygon_overlay/rpolygon.h Examining data/tbb-2020.3/examples/parallel_for/seismic/main.cpp Examining data/tbb-2020.3/examples/parallel_for/seismic/msvs/resource.h Examining data/tbb-2020.3/examples/parallel_for/seismic/seismic_video.cpp Examining data/tbb-2020.3/examples/parallel_for/seismic/seismic_video.h Examining data/tbb-2020.3/examples/parallel_for/seismic/universe.cpp Examining data/tbb-2020.3/examples/parallel_for/seismic/universe.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/resource.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/App.xaml.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/App.xaml.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/DirectXBase.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/DirectXBase.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/DirectXPage.xaml.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/DirectXPage.xaml.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/pch.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/tbbTachyonRenderer.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/msvs/uwp/tbbTachyonRenderer.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/api.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/api.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/apigeom.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/apitrigeom.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/apitrigeom.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/bndbox.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/bndbox.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/box.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/box.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/camera.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/camera.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/coordsys.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/coordsys.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/cylinder.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/cylinder.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/extvol.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/extvol.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/global.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/global.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/grid.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/grid.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/imageio.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/imageio.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/imap.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/imap.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/intersect.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/intersect.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/jpeg.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/jpeg.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/light.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/light.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/machine.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/macros.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/objbound.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/objbound.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/plane.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/plane.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/pthread.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/pthread_w.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/quadric.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/quadric.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/render.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/render.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/ring.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/ring.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/shade.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/shade.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/sphere.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/sphere.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/tachyon_video.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/tachyon_video.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/texture.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/texture.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.serial.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.simple.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb1d.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/trace_rest.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/triangle.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/triangle.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/types.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/ui.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/ui.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/util.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/util.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/vector.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/vector.h Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp Examining data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.h Examining data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull.h Examining data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull_bench.cpp Examining data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull_sample.cpp Examining data/tbb-2020.3/examples/parallel_reduce/primes/main.cpp Examining data/tbb-2020.3/examples/parallel_reduce/primes/primes.cpp Examining data/tbb-2020.3/examples/parallel_reduce/primes/primes.h Examining data/tbb-2020.3/examples/pipeline/square/gen_input.cpp Examining data/tbb-2020.3/examples/pipeline/square/square.cpp Examining data/tbb-2020.3/examples/task/tree_sum/OptimizedParallelSumTree.cpp Examining data/tbb-2020.3/examples/task/tree_sum/SerialSumTree.cpp Examining data/tbb-2020.3/examples/task/tree_sum/SimpleParallelSumTree.cpp Examining data/tbb-2020.3/examples/task/tree_sum/TreeMaker.h Examining data/tbb-2020.3/examples/task/tree_sum/common.h Examining data/tbb-2020.3/examples/task/tree_sum/main.cpp Examining data/tbb-2020.3/examples/task_arena/fractal/fractal.cpp Examining data/tbb-2020.3/examples/task_arena/fractal/fractal.h Examining data/tbb-2020.3/examples/task_arena/fractal/fractal_video.h Examining data/tbb-2020.3/examples/task_arena/fractal/main.cpp Examining data/tbb-2020.3/examples/task_arena/fractal/msvs/resource.h Examining data/tbb-2020.3/examples/task_group/sudoku/sudoku.cpp Examining data/tbb-2020.3/examples/test_all/fibonacci/Fibonacci.cpp Examining data/tbb-2020.3/include/serial/tbb/parallel_for.h Examining data/tbb-2020.3/include/serial/tbb/tbb_annotate.h Examining data/tbb-2020.3/include/tbb/aggregator.h Examining data/tbb-2020.3/include/tbb/aligned_space.h Examining data/tbb-2020.3/include/tbb/atomic.h Examining data/tbb-2020.3/include/tbb/blocked_range.h Examining data/tbb-2020.3/include/tbb/blocked_range2d.h Examining data/tbb-2020.3/include/tbb/blocked_range3d.h Examining data/tbb-2020.3/include/tbb/blocked_rangeNd.h Examining data/tbb-2020.3/include/tbb/cache_aligned_allocator.h Examining data/tbb-2020.3/include/tbb/combinable.h Examining data/tbb-2020.3/include/tbb/compat/ppl.h Examining data/tbb-2020.3/include/tbb/concurrent_hash_map.h Examining data/tbb-2020.3/include/tbb/concurrent_lru_cache.h Examining data/tbb-2020.3/include/tbb/concurrent_map.h Examining data/tbb-2020.3/include/tbb/concurrent_priority_queue.h Examining data/tbb-2020.3/include/tbb/concurrent_queue.h Examining data/tbb-2020.3/include/tbb/concurrent_set.h Examining data/tbb-2020.3/include/tbb/concurrent_unordered_map.h Examining data/tbb-2020.3/include/tbb/concurrent_unordered_set.h Examining data/tbb-2020.3/include/tbb/concurrent_vector.h Examining data/tbb-2020.3/include/tbb/critical_section.h Examining data/tbb-2020.3/include/tbb/enumerable_thread_specific.h Examining data/tbb-2020.3/include/tbb/flow_graph.h Examining data/tbb-2020.3/include/tbb/flow_graph_abstractions.h Examining data/tbb-2020.3/include/tbb/flow_graph_opencl_node.h Examining data/tbb-2020.3/include/tbb/global_control.h Examining data/tbb-2020.3/include/tbb/info.h Examining data/tbb-2020.3/include/tbb/internal/_aggregator_impl.h Examining data/tbb-2020.3/include/tbb/internal/_allocator_traits.h Examining data/tbb-2020.3/include/tbb/internal/_concurrent_queue_impl.h Examining data/tbb-2020.3/include/tbb/internal/_concurrent_skip_list_impl.h Examining data/tbb-2020.3/include/tbb/internal/_concurrent_unordered_impl.h Examining data/tbb-2020.3/include/tbb/internal/_deprecated_header_message_guard.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_async_msg_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_body_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_cache_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_indexer_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_item_buffer_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_join_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_node_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_node_set_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_nodes_deduction.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_streaming_node.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_tagged_buffer_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_trace_impl.h Examining data/tbb-2020.3/include/tbb/internal/_flow_graph_types_impl.h Examining data/tbb-2020.3/include/tbb/internal/_mutex_padding.h Examining data/tbb-2020.3/include/tbb/internal/_node_handle_impl.h Examining data/tbb-2020.3/include/tbb/internal/_range_iterator.h Examining data/tbb-2020.3/include/tbb/internal/_tbb_hash_compare_impl.h Examining data/tbb-2020.3/include/tbb/internal/_tbb_strings.h Examining data/tbb-2020.3/include/tbb/internal/_tbb_trace_impl.h Examining data/tbb-2020.3/include/tbb/internal/_tbb_windef.h Examining data/tbb-2020.3/include/tbb/internal/_template_helpers.h Examining data/tbb-2020.3/include/tbb/internal/_warning_suppress_disable_notice.h Examining data/tbb-2020.3/include/tbb/internal/_warning_suppress_enable_notice.h Examining data/tbb-2020.3/include/tbb/internal/_x86_eliding_mutex_impl.h Examining data/tbb-2020.3/include/tbb/internal/_x86_rtm_rw_mutex_impl.h Examining data/tbb-2020.3/include/tbb/iterators.h Examining data/tbb-2020.3/include/tbb/machine/gcc_arm.h Examining data/tbb-2020.3/include/tbb/machine/gcc_generic.h Examining data/tbb-2020.3/include/tbb/machine/gcc_ia32_common.h Examining data/tbb-2020.3/include/tbb/machine/gcc_itsx.h Examining data/tbb-2020.3/include/tbb/machine/ibm_aix51.h Examining data/tbb-2020.3/include/tbb/machine/icc_generic.h Examining data/tbb-2020.3/include/tbb/machine/linux_common.h Examining data/tbb-2020.3/include/tbb/machine/linux_ia32.h Examining data/tbb-2020.3/include/tbb/machine/linux_ia64.h Examining data/tbb-2020.3/include/tbb/machine/linux_intel64.h Examining data/tbb-2020.3/include/tbb/machine/mac_ppc.h Examining data/tbb-2020.3/include/tbb/machine/macos_common.h Examining data/tbb-2020.3/include/tbb/machine/mic_common.h Examining data/tbb-2020.3/include/tbb/machine/msvc_armv7.h Examining data/tbb-2020.3/include/tbb/machine/msvc_ia32_common.h Examining data/tbb-2020.3/include/tbb/machine/sunos_sparc.h Examining data/tbb-2020.3/include/tbb/machine/windows_api.h Examining data/tbb-2020.3/include/tbb/machine/windows_ia32.h Examining data/tbb-2020.3/include/tbb/machine/windows_intel64.h Examining data/tbb-2020.3/include/tbb/memory_pool.h Examining data/tbb-2020.3/include/tbb/mutex.h Examining data/tbb-2020.3/include/tbb/null_mutex.h Examining data/tbb-2020.3/include/tbb/null_rw_mutex.h Examining data/tbb-2020.3/include/tbb/parallel_do.h Examining data/tbb-2020.3/include/tbb/parallel_for.h Examining data/tbb-2020.3/include/tbb/parallel_for_each.h Examining data/tbb-2020.3/include/tbb/parallel_invoke.h Examining data/tbb-2020.3/include/tbb/parallel_reduce.h Examining data/tbb-2020.3/include/tbb/parallel_scan.h Examining data/tbb-2020.3/include/tbb/parallel_sort.h Examining data/tbb-2020.3/include/tbb/parallel_while.h Examining data/tbb-2020.3/include/tbb/partitioner.h Examining data/tbb-2020.3/include/tbb/pipeline.h Examining data/tbb-2020.3/include/tbb/queuing_mutex.h Examining data/tbb-2020.3/include/tbb/queuing_rw_mutex.h Examining data/tbb-2020.3/include/tbb/reader_writer_lock.h Examining data/tbb-2020.3/include/tbb/recursive_mutex.h Examining data/tbb-2020.3/include/tbb/runtime_loader.h Examining data/tbb-2020.3/include/tbb/scalable_allocator.h Examining data/tbb-2020.3/include/tbb/spin_mutex.h Examining data/tbb-2020.3/include/tbb/spin_rw_mutex.h Examining data/tbb-2020.3/include/tbb/task.h Examining data/tbb-2020.3/include/tbb/task_arena.h Examining data/tbb-2020.3/include/tbb/task_group.h Examining data/tbb-2020.3/include/tbb/task_scheduler_init.h Examining data/tbb-2020.3/include/tbb/task_scheduler_observer.h Examining data/tbb-2020.3/include/tbb/tbb.h Examining data/tbb-2020.3/include/tbb/tbb_allocator.h Examining data/tbb-2020.3/include/tbb/tbb_disable_exceptions.h Examining data/tbb-2020.3/include/tbb/tbb_exception.h Examining data/tbb-2020.3/include/tbb/tbb_profiling.h Examining data/tbb-2020.3/include/tbb/tbb_stddef.h Examining data/tbb-2020.3/include/tbb/tbb_thread.h Examining data/tbb-2020.3/include/tbb/tbbmalloc_proxy.h Examining data/tbb-2020.3/include/tbb/tick_count.h Examining data/tbb-2020.3/include/tbb/tbb_machine.h Examining data/tbb-2020.3/include/tbb/tbb_config.h Examining data/tbb-2020.3/python/rml/ipc_server.cpp Examining data/tbb-2020.3/python/rml/ipc_utils.cpp Examining data/tbb-2020.3/python/rml/ipc_utils.h Examining data/tbb-2020.3/src/old/concurrent_queue_v2.cpp Examining data/tbb-2020.3/src/old/concurrent_queue_v2.h Examining data/tbb-2020.3/src/old/concurrent_vector_v2.cpp Examining data/tbb-2020.3/src/old/concurrent_vector_v2.h Examining data/tbb-2020.3/src/old/spin_rw_mutex_v2.cpp Examining data/tbb-2020.3/src/old/spin_rw_mutex_v2.h Examining data/tbb-2020.3/src/old/task_v2.cpp Examining data/tbb-2020.3/src/old/test_concurrent_queue_v2.cpp Examining data/tbb-2020.3/src/old/test_concurrent_vector_v2.cpp Examining data/tbb-2020.3/src/old/test_mutex_v2.cpp Examining data/tbb-2020.3/src/old/test_task_scheduler_observer_v3.cpp Examining data/tbb-2020.3/src/perf/coarse_grained_raii_lru_cache.h Examining data/tbb-2020.3/src/perf/cpq_pdes.cpp Examining data/tbb-2020.3/src/perf/fibonacci_impl_tbb.cpp Examining data/tbb-2020.3/src/perf/harness_perf.h Examining data/tbb-2020.3/src/perf/perf.cpp Examining data/tbb-2020.3/src/perf/perf.h Examining data/tbb-2020.3/src/perf/perf_sched.cpp Examining data/tbb-2020.3/src/perf/statistics.cpp Examining data/tbb-2020.3/src/perf/statistics.h Examining data/tbb-2020.3/src/perf/statistics_xml.h Examining data/tbb-2020.3/src/perf/time_async_return.cpp Examining data/tbb-2020.3/src/perf/time_cpq_throughput_test.cpp Examining data/tbb-2020.3/src/perf/time_fibonacci_cutoff.cpp Examining data/tbb-2020.3/src/perf/time_framework.h Examining data/tbb-2020.3/src/perf/time_hash_map.cpp Examining data/tbb-2020.3/src/perf/time_hash_map_fill.cpp Examining data/tbb-2020.3/src/perf/time_locked_work.cpp Examining data/tbb-2020.3/src/perf/time_lru_cache_throughput.cpp Examining data/tbb-2020.3/src/perf/time_parallel_for_each.cpp Examining data/tbb-2020.3/src/perf/time_resumable_tasks.cpp Examining data/tbb-2020.3/src/perf/time_sandbox.h Examining data/tbb-2020.3/src/perf/time_split_node.cpp Examining data/tbb-2020.3/src/perf/time_vector.cpp Examining data/tbb-2020.3/src/rml/client/library_assert.h Examining data/tbb-2020.3/src/rml/client/omp_dynamic_link.cpp Examining data/tbb-2020.3/src/rml/client/omp_dynamic_link.h Examining data/tbb-2020.3/src/rml/client/rml_factory.h Examining data/tbb-2020.3/src/rml/client/rml_omp.cpp Examining data/tbb-2020.3/src/rml/client/rml_tbb.cpp Examining data/tbb-2020.3/src/rml/include/rml_base.h Examining data/tbb-2020.3/src/rml/include/rml_omp.h Examining data/tbb-2020.3/src/rml/include/rml_tbb.h Examining data/tbb-2020.3/src/rml/perfor/omp_nested.cpp Examining data/tbb-2020.3/src/rml/perfor/omp_simple.cpp Examining data/tbb-2020.3/src/rml/perfor/tbb_multi_omp.cpp Examining data/tbb-2020.3/src/rml/perfor/tbb_simple.cpp Examining data/tbb-2020.3/src/rml/perfor/thread_level.h Examining data/tbb-2020.3/src/rml/server/job_automaton.h Examining data/tbb-2020.3/src/rml/server/thread_monitor.h Examining data/tbb-2020.3/src/rml/server/wait_counter.h Examining data/tbb-2020.3/src/rml/server/rml_server.cpp Examining data/tbb-2020.3/src/rml/test/rml_omp_stub.cpp Examining data/tbb-2020.3/src/rml/test/test_job_automaton.cpp Examining data/tbb-2020.3/src/rml/test/test_rml_mixed.cpp Examining data/tbb-2020.3/src/rml/test/test_rml_omp.cpp Examining data/tbb-2020.3/src/rml/test/test_rml_omp_c_linkage.c Examining data/tbb-2020.3/src/rml/test/test_rml_tbb.cpp Examining data/tbb-2020.3/src/rml/test/test_server.h Examining data/tbb-2020.3/src/rml/test/test_thread_monitor.cpp Examining data/tbb-2020.3/src/tbb/arena.cpp Examining data/tbb-2020.3/src/tbb/arena.h Examining data/tbb-2020.3/src/tbb/cache_aligned_allocator.cpp Examining data/tbb-2020.3/src/tbb/cilk-tbb-interop.h Examining data/tbb-2020.3/src/tbb/co_context.h Examining data/tbb-2020.3/src/tbb/concurrent_hash_map.cpp Examining data/tbb-2020.3/src/tbb/concurrent_monitor.cpp Examining data/tbb-2020.3/src/tbb/concurrent_monitor.h Examining data/tbb-2020.3/src/tbb/concurrent_queue.cpp Examining data/tbb-2020.3/src/tbb/concurrent_vector.cpp Examining data/tbb-2020.3/src/tbb/condition_variable.cpp Examining data/tbb-2020.3/src/tbb/critical_section.cpp Examining data/tbb-2020.3/src/tbb/custom_scheduler.h Examining data/tbb-2020.3/src/tbb/dynamic_link.cpp Examining data/tbb-2020.3/src/tbb/dynamic_link.h Examining data/tbb-2020.3/src/tbb/governor.cpp Examining data/tbb-2020.3/src/tbb/governor.h Examining data/tbb-2020.3/src/tbb/ibm_aix51/atomic_support.c Examining data/tbb-2020.3/src/tbb/intrusive_list.h Examining data/tbb-2020.3/src/tbb/itt_notify.cpp Examining data/tbb-2020.3/src/tbb/itt_notify.h Examining data/tbb-2020.3/src/tbb/mailbox.h Examining data/tbb-2020.3/src/tbb/market.cpp Examining data/tbb-2020.3/src/tbb/market.h Examining data/tbb-2020.3/src/tbb/mutex.cpp Examining data/tbb-2020.3/src/tbb/observer_proxy.cpp Examining data/tbb-2020.3/src/tbb/observer_proxy.h Examining data/tbb-2020.3/src/tbb/pipeline.cpp Examining data/tbb-2020.3/src/tbb/private_server.cpp Examining data/tbb-2020.3/src/tbb/queuing_mutex.cpp Examining data/tbb-2020.3/src/tbb/queuing_rw_mutex.cpp Examining data/tbb-2020.3/src/tbb/reader_writer_lock.cpp Examining data/tbb-2020.3/src/tbb/recursive_mutex.cpp Examining data/tbb-2020.3/src/tbb/scheduler.cpp Examining data/tbb-2020.3/src/tbb/scheduler.h Examining data/tbb-2020.3/src/tbb/scheduler_common.h Examining data/tbb-2020.3/src/tbb/scheduler_utility.h Examining data/tbb-2020.3/src/tbb/semaphore.cpp Examining data/tbb-2020.3/src/tbb/semaphore.h Examining data/tbb-2020.3/src/tbb/spin_mutex.cpp Examining data/tbb-2020.3/src/tbb/spin_rw_mutex.cpp Examining data/tbb-2020.3/src/tbb/task.cpp Examining data/tbb-2020.3/src/tbb/task_group_context.cpp Examining data/tbb-2020.3/src/tbb/task_stream.h Examining data/tbb-2020.3/src/tbb/task_stream_extended.h Examining data/tbb-2020.3/src/tbb/tbb_assert_impl.h Examining data/tbb-2020.3/src/tbb/tbb_bind.cpp Examining data/tbb-2020.3/src/tbb/tbb_environment.h Examining data/tbb-2020.3/src/tbb/tbb_main.cpp Examining data/tbb-2020.3/src/tbb/tbb_main.h Examining data/tbb-2020.3/src/tbb/tbb_misc.cpp Examining data/tbb-2020.3/src/tbb/tbb_misc.h Examining data/tbb-2020.3/src/tbb/tbb_misc_ex.cpp Examining data/tbb-2020.3/src/tbb/tbb_statistics.cpp Examining data/tbb-2020.3/src/tbb/tbb_statistics.h Examining data/tbb-2020.3/src/tbb/tbb_thread.cpp Examining data/tbb-2020.3/src/tbb/tbb_version.h Examining data/tbb-2020.3/src/tbb/tls.h Examining data/tbb-2020.3/src/tbb/tools_api/disable_warnings.h Examining data/tbb-2020.3/src/tbb/tools_api/ittnotify.h Examining data/tbb-2020.3/src/tbb/tools_api/ittnotify_config.h Examining data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c Examining data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.h Examining data/tbb-2020.3/src/tbb/tools_api/ittnotify_types.h Examining data/tbb-2020.3/src/tbb/tools_api/legacy/ittnotify.h Examining data/tbb-2020.3/src/tbb/x86_rtm_rw_mutex.cpp Examining data/tbb-2020.3/src/tbbmalloc/Customize.h Examining data/tbb-2020.3/src/tbbmalloc/MapMemory.h Examining data/tbb-2020.3/src/tbbmalloc/Statistics.h Examining data/tbb-2020.3/src/tbbmalloc/Synchronize.h Examining data/tbb-2020.3/src/tbbmalloc/TypeDefinitions.h Examining data/tbb-2020.3/src/tbbmalloc/backend.cpp Examining data/tbb-2020.3/src/tbbmalloc/backend.h Examining data/tbb-2020.3/src/tbbmalloc/backref.cpp Examining data/tbb-2020.3/src/tbbmalloc/large_objects.cpp Examining data/tbb-2020.3/src/tbbmalloc/large_objects.h Examining data/tbb-2020.3/src/tbbmalloc/proxy.cpp Examining data/tbb-2020.3/src/tbbmalloc/proxy.h Examining data/tbb-2020.3/src/tbbmalloc/proxy_overload_osx.h Examining data/tbb-2020.3/src/tbbmalloc/shared_utils.h Examining data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp Examining data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.h Examining data/tbb-2020.3/src/tbbmalloc/tbbmalloc.cpp Examining data/tbb-2020.3/src/tbbmalloc/tbbmalloc_internal.h Examining data/tbb-2020.3/src/tbbmalloc/tbbmalloc_internal_api.h Examining data/tbb-2020.3/src/tbbmalloc/frontend.cpp Examining data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp Examining data/tbb-2020.3/src/test/harness_allocator.h Examining data/tbb-2020.3/src/test/harness_allocator_overload.h Examining data/tbb-2020.3/src/test/harness_assert.h Examining data/tbb-2020.3/src/test/harness_bad_expr.h Examining data/tbb-2020.3/src/test/harness_barrier.h Examining data/tbb-2020.3/src/test/harness_checktype.h Examining data/tbb-2020.3/src/test/harness_concurrency.h Examining data/tbb-2020.3/src/test/harness_concurrency_tracker.h Examining data/tbb-2020.3/src/test/harness_cpu.h Examining data/tbb-2020.3/src/test/harness_defs.h Examining data/tbb-2020.3/src/test/harness_dynamic_libs.h Examining data/tbb-2020.3/src/test/harness_eh.h Examining data/tbb-2020.3/src/test/harness_fp.h Examining data/tbb-2020.3/src/test/harness_graph.h Examining data/tbb-2020.3/src/test/harness_inject_scheduler.h Examining data/tbb-2020.3/src/test/harness_iterator.h Examining data/tbb-2020.3/src/test/harness_m128.h Examining data/tbb-2020.3/src/test/harness_memory.h Examining data/tbb-2020.3/src/test/harness_mic.h Examining data/tbb-2020.3/src/test/harness_preload.h Examining data/tbb-2020.3/src/test/harness_report.h Examining data/tbb-2020.3/src/test/harness_runtime_loader.h Examining data/tbb-2020.3/src/test/harness_state_trackable.h Examining data/tbb-2020.3/src/test/harness_task.h Examining data/tbb-2020.3/src/test/harness_tbb_independence.h Examining data/tbb-2020.3/src/test/harness_test_cases_framework.h Examining data/tbb-2020.3/src/test/harness_tls.h Examining data/tbb-2020.3/src/test/harness_tsx.h Examining data/tbb-2020.3/src/test/test_ScalableAllocator.cpp Examining data/tbb-2020.3/src/test/test_ScalableAllocator_STL.cpp Examining data/tbb-2020.3/src/test/test_aggregator.cpp Examining data/tbb-2020.3/src/test/test_aligned_space.cpp Examining data/tbb-2020.3/src/test/test_allocator.h Examining data/tbb-2020.3/src/test/test_allocator_STL.h Examining data/tbb-2020.3/src/test/test_arena_constraints_hwloc.cpp Examining data/tbb-2020.3/src/test/test_arena_constraints_stubs.cpp Examining data/tbb-2020.3/src/test/test_assembly.cpp Examining data/tbb-2020.3/src/test/test_async_msg.cpp Examining data/tbb-2020.3/src/test/test_async_node.cpp Examining data/tbb-2020.3/src/test/test_atomic.cpp Examining data/tbb-2020.3/src/test/test_blocked_range.cpp Examining data/tbb-2020.3/src/test/test_blocked_range2d.cpp Examining data/tbb-2020.3/src/test/test_blocked_range3d.cpp Examining data/tbb-2020.3/src/test/test_blocked_rangeNd.cpp Examining data/tbb-2020.3/src/test/test_broadcast_node.cpp Examining data/tbb-2020.3/src/test/test_buffer_node.cpp Examining data/tbb-2020.3/src/test/test_cache_aligned_allocator.cpp Examining data/tbb-2020.3/src/test/test_cache_aligned_allocator_STL.cpp Examining data/tbb-2020.3/src/test/test_cilk_common.h Examining data/tbb-2020.3/src/test/test_cilk_dynamic_load.cpp Examining data/tbb-2020.3/src/test/test_cilk_interop.cpp Examining data/tbb-2020.3/src/test/test_combinable.cpp Examining data/tbb-2020.3/src/test/test_composite_node.cpp Examining data/tbb-2020.3/src/test/test_concurrent_associative_common.h Examining data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp Examining data/tbb-2020.3/src/test/test_concurrent_lru_cache.cpp Examining data/tbb-2020.3/src/test/test_concurrent_map.cpp Examining data/tbb-2020.3/src/test/test_concurrent_monitor.cpp Examining data/tbb-2020.3/src/test/test_concurrent_ordered_common.h Examining data/tbb-2020.3/src/test/test_concurrent_priority_queue.cpp Examining data/tbb-2020.3/src/test/test_concurrent_queue.cpp Examining data/tbb-2020.3/src/test/test_concurrent_queue_whitebox.cpp Examining data/tbb-2020.3/src/test/test_concurrent_set.cpp Examining data/tbb-2020.3/src/test/test_concurrent_unordered_common.h Examining data/tbb-2020.3/src/test/test_concurrent_unordered_map.cpp Examining data/tbb-2020.3/src/test/test_concurrent_unordered_set.cpp Examining data/tbb-2020.3/src/test/test_concurrent_vector.cpp Examining data/tbb-2020.3/src/test/test_condition_variable.h Examining data/tbb-2020.3/src/test/test_container_move_support.h Examining data/tbb-2020.3/src/test/test_continue_node.cpp Examining data/tbb-2020.3/src/test/test_critical_section.cpp Examining data/tbb-2020.3/src/test/test_dynamic_link.cpp Examining data/tbb-2020.3/src/test/test_eh_algorithms.cpp Examining data/tbb-2020.3/src/test/test_eh_flow_graph.cpp Examining data/tbb-2020.3/src/test/test_eh_tasks.cpp Examining data/tbb-2020.3/src/test/test_enumerable_thread_specific.cpp Examining data/tbb-2020.3/src/test/test_environment_whitebox.cpp Examining data/tbb-2020.3/src/test/test_examples_common_utility.cpp Examining data/tbb-2020.3/src/test/test_fast_random.cpp Examining data/tbb-2020.3/src/test/test_flow_graph.cpp Examining data/tbb-2020.3/src/test/test_flow_graph_priorities.cpp Examining data/tbb-2020.3/src/test/test_flow_graph_whitebox.cpp Examining data/tbb-2020.3/src/test/test_follows_and_precedes_api.h Examining data/tbb-2020.3/src/test/test_fp.cpp Examining data/tbb-2020.3/src/test/test_function_node.cpp Examining data/tbb-2020.3/src/test/test_global_control.cpp Examining data/tbb-2020.3/src/test/test_global_control_whitebox.cpp Examining data/tbb-2020.3/src/test/test_halt.cpp Examining data/tbb-2020.3/src/test/test_handle_perror.cpp Examining data/tbb-2020.3/src/test/test_hw_concurrency.cpp Examining data/tbb-2020.3/src/test/test_indexer_node.cpp Examining data/tbb-2020.3/src/test/test_initializer_list.h Examining data/tbb-2020.3/src/test/test_inits_loop.cpp Examining data/tbb-2020.3/src/test/test_input_node.cpp Examining data/tbb-2020.3/src/test/test_intrusive_list.cpp Examining data/tbb-2020.3/src/test/test_iterators.cpp Examining data/tbb-2020.3/src/test/test_ittnotify.cpp Examining data/tbb-2020.3/src/test/test_join_node.cpp Examining data/tbb-2020.3/src/test/test_join_node.h Examining data/tbb-2020.3/src/test/test_join_node_key_matching.cpp Examining data/tbb-2020.3/src/test/test_join_node_msg_key_matching.cpp Examining data/tbb-2020.3/src/test/test_lambda.cpp Examining data/tbb-2020.3/src/test/test_limiter_node.cpp Examining data/tbb-2020.3/src/test/test_malloc_atexit.cpp Examining data/tbb-2020.3/src/test/test_malloc_compliance.cpp Examining data/tbb-2020.3/src/test/test_malloc_init_shutdown.cpp Examining data/tbb-2020.3/src/test/test_malloc_lib_unload.cpp Examining data/tbb-2020.3/src/test/test_malloc_new_handler.cpp Examining data/tbb-2020.3/src/test/test_malloc_overload.cpp Examining data/tbb-2020.3/src/test/test_malloc_overload_disable.cpp Examining data/tbb-2020.3/src/test/test_malloc_pure_c.c Examining data/tbb-2020.3/src/test/test_malloc_regression.cpp Examining data/tbb-2020.3/src/test/test_malloc_shutdown_hang.cpp Examining data/tbb-2020.3/src/test/test_malloc_used_by_lib.cpp Examining data/tbb-2020.3/src/test/test_malloc_whitebox.cpp Examining data/tbb-2020.3/src/test/test_model_plugin.cpp Examining data/tbb-2020.3/src/test/test_multifunction_node.cpp Examining data/tbb-2020.3/src/test/test_mutex.cpp Examining data/tbb-2020.3/src/test/test_mutex_native_threads.cpp Examining data/tbb-2020.3/src/test/test_opencl_node.cpp Examining data/tbb-2020.3/src/test/test_openmp.cpp Examining data/tbb-2020.3/src/test/test_overwrite_node.cpp Examining data/tbb-2020.3/src/test/test_parallel_do.cpp Examining data/tbb-2020.3/src/test/test_parallel_for.cpp Examining data/tbb-2020.3/src/test/test_parallel_for_each.cpp Examining data/tbb-2020.3/src/test/test_parallel_for_vectorization.cpp Examining data/tbb-2020.3/src/test/test_parallel_invoke.cpp Examining data/tbb-2020.3/src/test/test_parallel_pipeline.cpp Examining data/tbb-2020.3/src/test/test_parallel_reduce.cpp Examining data/tbb-2020.3/src/test/test_parallel_scan.cpp Examining data/tbb-2020.3/src/test/test_parallel_sort.cpp Examining data/tbb-2020.3/src/test/test_parallel_while.cpp Examining data/tbb-2020.3/src/test/test_partitioner.h Examining data/tbb-2020.3/src/test/test_partitioner_whitebox.cpp Examining data/tbb-2020.3/src/test/test_partitioner_whitebox.h Examining data/tbb-2020.3/src/test/test_pipeline.cpp Examining data/tbb-2020.3/src/test/test_pipeline_with_tbf.cpp Examining data/tbb-2020.3/src/test/test_priority_queue_node.cpp Examining data/tbb-2020.3/src/test/test_queue_node.cpp Examining data/tbb-2020.3/src/test/test_range_based_for.h Examining data/tbb-2020.3/src/test/test_reader_writer_lock.cpp Examining data/tbb-2020.3/src/test/test_resumable_tasks.cpp Examining data/tbb-2020.3/src/test/test_runtime_loader.cpp Examining data/tbb-2020.3/src/test/test_rwm_upgrade_downgrade.cpp Examining data/tbb-2020.3/src/test/test_semaphore.cpp Examining data/tbb-2020.3/src/test/test_sequencer_node.cpp Examining data/tbb-2020.3/src/test/test_source_node.cpp Examining data/tbb-2020.3/src/test/test_split_node.cpp Examining data/tbb-2020.3/src/test/test_static_assert.cpp Examining data/tbb-2020.3/src/test/test_std_thread.cpp Examining data/tbb-2020.3/src/test/test_streaming_node.cpp Examining data/tbb-2020.3/src/test/test_tagged_msg.cpp Examining data/tbb-2020.3/src/test/test_task.cpp Examining data/tbb-2020.3/src/test/test_task_arena.cpp Examining data/tbb-2020.3/src/test/test_task_assertions.cpp Examining data/tbb-2020.3/src/test/test_task_auto_init.cpp Examining data/tbb-2020.3/src/test/test_task_enqueue.cpp Examining data/tbb-2020.3/src/test/test_task_group.cpp Examining data/tbb-2020.3/src/test/test_task_leaks.cpp Examining data/tbb-2020.3/src/test/test_task_priority.cpp Examining data/tbb-2020.3/src/test/test_task_scheduler_init.cpp Examining data/tbb-2020.3/src/test/test_task_scheduler_observer.cpp Examining data/tbb-2020.3/src/test/test_task_steal_limit.cpp Examining data/tbb-2020.3/src/test/test_tbb_condition_variable.cpp Examining data/tbb-2020.3/src/test/test_tbb_fork.cpp Examining data/tbb-2020.3/src/test/test_tbb_header.cpp Examining data/tbb-2020.3/src/test/test_tbb_thread.cpp Examining data/tbb-2020.3/src/test/test_tbb_version.cpp Examining data/tbb-2020.3/src/test/test_thread.h Examining data/tbb-2020.3/src/test/test_tick_count.cpp Examining data/tbb-2020.3/src/test/test_tuple.cpp Examining data/tbb-2020.3/src/test/test_write_once_node.cpp Examining data/tbb-2020.3/src/test/test_yield.cpp Examining data/tbb-2020.3/src/test/harness.h Examining data/tbb-2020.3/src/test/test_malloc_pools.cpp Examining data/tbb-2020.3/debian/tests/test.cc FINAL RESULTS: data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp:1465:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mode2, writing ? "w" : "r" ); data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:113:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf ( stderr, \ data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:122:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,zf) data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:124:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,zf,za1) data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:126:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,zf,za1,za2) data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:128:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,zf,za1,za2,za3) data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:130:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,zf,za1,za2,za3,za4) data/tbb-2020.3/examples/graph/fgbzip2/bzlib_private.h:132:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,zf,za1,za2,za3,za4,za5) data/tbb-2020.3/examples/parallel_for/tachyon/src/api.cpp:152:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) &scene->outfilename, outname); data/tbb-2020.3/examples/parallel_for/tachyon/src/imap.cpp:150:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newimage->name, filename); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:238:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if( title ) strcpy( name, title ); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:240:36: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(strrchr(argv[0], '\\')) strcpy (name, strrchr(argv[0], '\\')+1); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:241:40: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else if(strrchr(argv[0], '/')) strcpy (name, strrchr(argv[0], '/')+1); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:242:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy (name, *argv[0]?argv[0]:"Tachyon"); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:246:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (name, argv[i]); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:301:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(opt.filename, filename.c_str()); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:120:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(textable[numtextures].name, name); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:195:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile,"%s",data); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:254:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", outfilename); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:315:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", objtype); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:399:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", texname); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:409:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", texname); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:410:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", aliasname); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:421:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", tmp); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:454:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", tmp); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:456:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", tmp); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:470:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", tmp); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:486:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", tex.imap); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:673:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", fname); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:821:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", ifname); data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.cpp:82:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(dfile, "%s", ch); data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.cpp:102:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(ifp, "%s", data); data/tbb-2020.3/examples/parallel_for/tachyon/src/tachyon_video.cpp:73:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s: %.3f seconds", global_window_title, runtime); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:69:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msgtxt, "Cannot create %s for output!", name); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:107:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msgtxt, "Cannot open %s for output!", filename); data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp:96:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(vol->name, fname); data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp:284:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msgtxt, "Vol: can't open %s for input!!! Aborting\n",vol->name); data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp:290:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msgtxt, "loading %dx%dx%d volume set from %s", data/tbb-2020.3/examples/pipeline/square/gen_input.cpp:26:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. #define access _access data/tbb-2020.3/examples/pipeline/square/gen_input.cpp:56:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ( access(fname, F_OK) != 0 ) data/tbb-2020.3/include/tbb/flow_graph_opencl_node.h:654:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. iterator<a> access() const { data/tbb-2020.3/include/tbb/flow_graph_opencl_node.h:660:31: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. T* data() const { return &access<read_write>()[0]; } data/tbb-2020.3/include/tbb/flow_graph_opencl_node.h:663:40: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. iterator<a> begin() const { return access<a>(); } data/tbb-2020.3/include/tbb/flow_graph_opencl_node.h:666:38: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. iterator<a> end() const { return access<a>()+my_impl->size()/sizeof(T); } data/tbb-2020.3/python/rml/ipc_server.cpp:110:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( sem_name, value ); data/tbb-2020.3/python/rml/ipc_server.cpp:122:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( sem_name, value ); data/tbb-2020.3/python/rml/ipc_server.cpp:143:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( templ, IPC_ACTIVE_SEM_PREFIX ); data/tbb-2020.3/python/rml/ipc_server.cpp:145:22: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). char* sem_name = mktemp( templ ); data/tbb-2020.3/python/rml/ipc_server.cpp:156:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( templ, IPC_STOP_SEM_PREFIX ); data/tbb-2020.3/python/rml/ipc_server.cpp:158:22: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). char* sem_name = mktemp( templ ); data/tbb-2020.3/python/rml/ipc_utils.cpp:62:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf( stat_file_path, stat_file_path_template, pid ); data/tbb-2020.3/python/rml/ipc_utils.cpp:95:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf( name, name_template, prefix, pid, time ); data/tbb-2020.3/src/perf/perf.cpp:730:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char*)tr.my_workloadNames[w], WorkloadName ); data/tbb-2020.3/src/perf/perf.cpp:754:13: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf( ResFile, fmt, args ); data/tbb-2020.3/src/perf/perf.cpp:758:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf( fmt, args ); data/tbb-2020.3/src/perf/perf.cpp:830:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf( internal::WorkloadName, MaxWorkloadNameLen, format, args ); data/tbb-2020.3/src/perf/statistics.cpp:23:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/perf/statistics.cpp:23:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/perf/statistics.cpp:195:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, ""); data/tbb-2020.3/src/perf/statistics.cpp:197:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, a->second.c_str()); a++; data/tbb-2020.3/src/perf/statistics.cpp:241:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, ResultsFmt, r[k]); data/tbb-2020.3/src/perf/statistics.cpp:274:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, ResultsFmt, r[k]); data/tbb-2020.3/src/perf/statistics.cpp:320:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, ResultsFmt, r[k]); data/tbb-2020.3/src/perf/statistics.cpp:357:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, ResultsFmt, result[r]); data/tbb-2020.3/src/perf/statistics.cpp:374:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(UserName,getenv("USERNAME")); data/tbb-2020.3/src/perf/statistics.cpp:376:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(UserName,getenv("USER")); data/tbb-2020.3/src/perf/statistics.cpp:382:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLHead, UserName, TimerBuff); data/tbb-2020.3/src/perf/statistics.cpp:383:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLStyles); data/tbb-2020.3/src/perf/statistics.cpp:384:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLBeginSheet, "Horizontal"); data/tbb-2020.3/src/perf/statistics.cpp:385:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLNames,1,1,1,int(AnalysisTitles.size()+Formulas.size()+COUNT_PARAMETERS)); data/tbb-2020.3/src/perf/statistics.cpp:386:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLBeginTable, int(RoundTitles.size()+Formulas.size()+AnalysisTitles.size()+COUNT_PARAMETERS+1/*title*/), int(Statistics.size()+1)); data/tbb-2020.3/src/perf/statistics.cpp:387:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLBRow); data/tbb-2020.3/src/perf/statistics.cpp:388:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellTopName); data/tbb-2020.3/src/perf/statistics.cpp:389:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellTopThread); data/tbb-2020.3/src/perf/statistics.cpp:390:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellTopMode, ModeName); data/tbb-2020.3/src/perf/statistics.cpp:392:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLAnalysisTitle, j->c_str()+1); data/tbb-2020.3/src/perf/statistics.cpp:394:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLAnalysisTitle, j->first.c_str()+1); data/tbb-2020.3/src/perf/statistics.cpp:396:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLAnalysisTitle, j->c_str()); data/tbb-2020.3/src/perf/statistics.cpp:400:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellEmptyWhite, Info.c_str()); data/tbb-2020.3/src/perf/statistics.cpp:401:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLERow); data/tbb-2020.3/src/perf/statistics.cpp:405:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLBRow); data/tbb-2020.3/src/perf/statistics.cpp:406:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellName, i->second->Name.c_str()); data/tbb-2020.3/src/perf/statistics.cpp:407:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellThread,i->second->Threads); data/tbb-2020.3/src/perf/statistics.cpp:408:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellMode, i->second->Mode.c_str()); data/tbb-2020.3/src/perf/statistics.cpp:413:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellAnalysis, (*at != j->first)?"":(i->second->Analysis[j->first]).c_str()); data/tbb-2020.3/src/perf/statistics.cpp:420:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellFormula, ExcelFormula(f->second, Formulas.size()-place, v.size(), true).c_str()); data/tbb-2020.3/src/perf/statistics.cpp:424:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLCellData, v[k]); data/tbb-2020.3/src/perf/statistics.cpp:427:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLMergeRow, int(RoundTitles.size() - v.size())); data/tbb-2020.3/src/perf/statistics.cpp:428:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLERow); data/tbb-2020.3/src/perf/statistics.cpp:431:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLEndTable); data/tbb-2020.3/src/perf/statistics.cpp:432:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLWorkSheetProperties,1,1,3,3,int(RoundTitles.size()+AnalysisTitles.size()+Formulas.size()+COUNT_PARAMETERS)); data/tbb-2020.3/src/perf/statistics.cpp:433:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLAutoFilter,1,1,1,int(AnalysisTitles.size()+Formulas.size()+COUNT_PARAMETERS)); data/tbb-2020.3/src/perf/statistics.cpp:434:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLEndWorkSheet); data/tbb-2020.3/src/perf/statistics.cpp:436:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(OutputFile, XMLEndWorkbook); data/tbb-2020.3/src/perf/statistics.h:96:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. StatisticResults *access; data/tbb-2020.3/src/perf/statistics.h:97:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. TestCase() : access(0) {} data/tbb-2020.3/src/perf/statistics.h:98:44: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. TestCase(StatisticResults *link) : access(link) {} data/tbb-2020.3/src/perf/statistics.h:175:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(name, size-1, fmt, args); \ data/tbb-2020.3/src/tbb/dynamic_link.cpp:371:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( path, ap_data._path ); data/tbb-2020.3/src/tbb/dynamic_link.cpp:372:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( path, name ); data/tbb-2020.3/src/tbb/scheduler_common.h:74:34: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define TBB_TRACE(x) ((void)std::printf x) data/tbb-2020.3/src/tbb/tbb_assert_impl.h:79:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _vsnprintf data/tbb-2020.3/src/tbb/tbb_assert_impl.h:89:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf( str, 1024-1, format, args); data/tbb-2020.3/src/tbb/tbb_misc.cpp:90:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/tbb/tbb_misc.cpp:90:19: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/tbb/tbb_misc.cpp:216:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf( str, 1024-1, format, args); data/tbb-2020.3/src/tbb/tbb_statistics.cpp:129:13: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf( my_file, fmt, args ); data/tbb-2020.3/src/tbb/tbb_statistics.cpp:134:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf( fmt, args ); data/tbb-2020.3/src/tbbmalloc/shared_utils.h:121:39: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (!found[i] && 1 == sscanf(buf, items[i].format, &items[i].value)) { data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:28:38: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define LOG_PRINT(s, n, format, ...) snprintf(s, n, format, __VA_ARGS__) data/tbb-2020.3/src/tbbmalloc/tbbmalloc_internal.h:63:19: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define TRACEF(x) printf x data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:37:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:37:22: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:89:15: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int len = vsnprintf( NULL, 0, format, args ); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:96:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf( buf, len + 1, format, args ); data/tbb-2020.3/src/test/harness_allocator.h:43:12: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. using std::printf; data/tbb-2020.3/src/test/harness_memory.h:74:16: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (1==sscanf(buf_stat, pattern, &size)) { data/tbb-2020.3/src/test/harness_report.h:57:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/test/harness_report.h:57:22: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/tbb-2020.3/src/test/harness_report.h:59:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/tbb-2020.3/src/test/harness_report.h:112:23: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int len = vsnprintf (msg, MAX_TRACE_SIZE, msg_fmt, argptr); data/tbb-2020.3/src/test/test_ScalableAllocator.cpp:186:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p1, text); data/tbb-2020.3/src/test/test_eh_flow_graph.cpp:556:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mymsg, "%s iter=%d, threads=%d, throw=%s, flog=%s", saved_msg, iter, g_NumThreads, data/tbb-2020.3/src/test/test_inits_loop.cpp:57:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(self, self, "0", NULL); data/tbb-2020.3/src/test/test_malloc_overload.cpp:313:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("rem should be a safe command to call"); data/tbb-2020.3/src/test/test_malloc_overload_disable.cpp:47:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((system(TEST_SYSTEM_COMMAND)) != 0) { data/tbb-2020.3/src/test/test_malloc_shutdown_hang.cpp:79:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(self, self, "1", NULL); data/tbb-2020.3/src/test/test_opencl_node.cpp:223:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto i1 = b1.access<write_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:224:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto i2 = b2.access<write_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:257:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto o2 = b2.access<read_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:258:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto o3 = b3.access<read_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:696:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto i1 = b1.access<write_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:697:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto i2 = b2.access<write_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:750:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto i1 = b1.access<write_only>(); data/tbb-2020.3/src/test/test_opencl_node.cpp:751:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. auto i2 = b2.access<write_only>(); data/tbb-2020.3/src/test/test_tbb_version.cpp:120:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if( ( system(TEST_SYSTEM_COMMAND) ) != 0 ){ data/tbb-2020.3/src/test/test_tbb_version.cpp:156:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if( ( system(TEST_SYSTEM_COMMAND) ) != 0 ){ data/tbb-2020.3/examples/common/gui/xvideo.cpp:187:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(NULL!=getenv(NOSHMEM_env_var_name) && 0!=strcmp("0",getenv(NOSHMEM_env_var_name))) { data/tbb-2020.3/examples/common/gui/xvideo.cpp:187:64: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(NULL!=getenv(NOSHMEM_env_var_name) && 0!=strcmp("0",getenv(NOSHMEM_env_var_name))) { data/tbb-2020.3/examples/common/utility/utility.h:466:19: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. i.setstate(std::ios::failbit); data/tbb-2020.3/examples/concurrent_hash_map/count_strings/count_strings.cpp:184:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(2); data/tbb-2020.3/examples/graph/binpack/binpack.cpp:240:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(42); data/tbb-2020.3/examples/parallel_do/parallel_preorder/main.cpp:63:13: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(2); data/tbb-2020.3/examples/parallel_for/game_of_life/src/Game_of_life.cpp:81:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(s); data/tbb-2020.3/examples/parallel_for/polygon_overlay/polymain.cpp:599:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)newSeed); data/tbb-2020.3/examples/parallel_for/tachyon/src/apigeom.cpp:243:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(totalsize); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:237:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *title = getenv ("TITLE"); data/tbb-2020.3/examples/parallel_for/tachyon/src/pthread.cpp:128:5: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection (&mutex->critsec); data/tbb-2020.3/examples/parallel_for/tachyon/src/pthread.cpp:141:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection (&mutex->critsec); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb.cpp:231:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *nthreads_str = getenv ("TBB_NUM_THREADS"); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb.cpp:253:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *grain_str = getenv ("TBB_GRAINSIZE"); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb.cpp:255:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *sched_str = getenv ("TBB_PARTITIONER"); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb1d.cpp:175:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *nthreads_str = getenv ("TBB_NUM_THREADS"); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb1d.cpp:190:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *grain_str = getenv ("TBB_GRAINSIZE"); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace.tbb1d.cpp:192:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *sched_str = getenv ("TBB_PARTITIONER"); data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull.h:96:63: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. point<T> GenerateRNDPoint(size_t& count, rng_functor_type random, size_t rand_max) { data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull.h:100:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. T x = random()*2.0/(double)rand_max - 1; data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull.h:101:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. T y = random()*2.0/(double)rand_max - 1; data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull.h:106:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random()/(double)rand_max > 0.5) data/tbb-2020.3/examples/parallel_reduce/convex_hull/convex_hull.h:108:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random()/(double)rand_max > 0.5) data/tbb-2020.3/include/tbb/critical_section.h:96:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &my_impl ); data/tbb-2020.3/include/tbb/mutex.h:163:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&impl); data/tbb-2020.3/include/tbb/recursive_mutex.h:175:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&impl); data/tbb-2020.3/python/rml/ipc_server.cpp:106:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* value = getenv( IPC_ACTIVE_SEM_VAR_NAME ); data/tbb-2020.3/python/rml/ipc_server.cpp:118:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* value = getenv( IPC_STOP_SEM_VAR_NAME ); data/tbb-2020.3/python/rml/ipc_server.cpp:1103:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if( getenv( "RML_DEBUG" ) ) { data/tbb-2020.3/python/rml/ipc_utils.cpp:111:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* value = getenv( env_var ); data/tbb-2020.3/python/rml/ipc_utils.cpp:125:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* value = getenv( env_var ); data/tbb-2020.3/src/perf/cpq_pdes.cpp:207:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(42); data/tbb-2020.3/src/perf/statistics.cpp:148:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *file_suffix = getenv("STAT_SUFFIX"); data/tbb-2020.3/src/perf/statistics.cpp:150:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *file_format = getenv("STAT_FORMAT"); data/tbb-2020.3/src/perf/statistics.cpp:161:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *info = getenv(env.c_str()); data/tbb-2020.3/src/perf/statistics.cpp:212:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *delim = getenv("STAT_DELIMITER"); data/tbb-2020.3/src/perf/statistics.cpp:374:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcpy(UserName,getenv("USERNAME")); data/tbb-2020.3/src/perf/statistics.cpp:376:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strcpy(UserName,getenv("USER")); data/tbb-2020.3/src/perf/time_cpq_throughput_test.cpp:265:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(42); data/tbb-2020.3/src/perf/time_hash_map_fill.cpp:151:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(getenv("TABLE_SIZE")) data/tbb-2020.3/src/perf/time_hash_map_fill.cpp:152:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. MAX_TABLE_SIZE = atoi(getenv("TABLE_SIZE")); data/tbb-2020.3/src/perf/time_hash_map_fill.cpp:157:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(10101); data/tbb-2020.3/src/tbb/arena.cpp:597:63: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void arena::enqueue_task( task& t, intptr_t prio, FastRandom &random ) data/tbb-2020.3/src/tbb/arena.cpp:640:81: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. my_critical_task_stream.push( &t, 0, internal::random_lane_selector(random) ); data/tbb-2020.3/src/tbb/arena.cpp:652:64: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. my_task_stream.push( &t, p, internal::random_lane_selector(random) ); data/tbb-2020.3/src/tbb/arena.cpp:654:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. my_task_stream.push( &t, p, random ); data/tbb-2020.3/src/tbb/arena.cpp:661:64: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. my_task_stream.push( &t, 0, internal::random_lane_selector(random) ); data/tbb-2020.3/src/tbb/arena.cpp:663:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. my_task_stream.push( &t, 0, random ); data/tbb-2020.3/src/tbb/condition_variable.cpp:46:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &cv_event->mutex ); data/tbb-2020.3/src/tbb/condition_variable.cpp:54:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &cv_event->mutex ); data/tbb-2020.3/src/tbb/condition_variable.cpp:60:17: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( cs ); data/tbb-2020.3/src/tbb/condition_variable.cpp:79:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( cs ); data/tbb-2020.3/src/tbb/condition_variable.cpp:85:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &cv_event->mutex ); data/tbb-2020.3/src/tbb/condition_variable.cpp:96:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &cv_event->mutex ); data/tbb-2020.3/src/tbb/condition_variable.cpp:108:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &cv_event->mutex ); data/tbb-2020.3/src/tbb/condition_variable.cpp:115:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &cv_event->mutex ); data/tbb-2020.3/src/tbb/dynamic_link.cpp:31:37: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. #define dlopen( name, flags ) LoadLibrary( name ) data/tbb-2020.3/src/tbb/mutex.cpp:33:13: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &m.impl ); data/tbb-2020.3/src/tbb/recursive_mutex.cpp:31:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &m.impl ); data/tbb-2020.3/src/tbb/task_stream.h:101:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void push( task* source, int level, FastRandom& random ) { data/tbb-2020.3/src/tbb/task_stream.h:105:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. idx = random.get() & (N-1); data/tbb-2020.3/src/tbb/task_stream_extended.h:90:39: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random_lane_selector( FastRandom& random ) : my_random( random ) {} data/tbb-2020.3/src/tbb/task_stream_extended.h:90:61: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random_lane_selector( FastRandom& random ) : my_random( random ) {} data/tbb-2020.3/src/tbb/tbb_environment.h:39:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if( const char* s = std::getenv(name) ) data/tbb-2020.3/src/tbb/tbb_environment.h:58:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if( const char* s = std::getenv(name) ) data/tbb-2020.3/src/tbb/tools_api/ittnotify_config.h:235:35: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define __itt_mutex_init(mutex) InitializeCriticalSection(mutex) data/tbb-2020.3/src/tbb/tools_api/ittnotify_config.h:236:35: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define __itt_mutex_lock(mutex) EnterCriticalSection(mutex) data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:802:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* env = getenv(name); data/tbb-2020.3/src/tbbmalloc/Statistics.h:66:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (NULL != getenv(MALLOCENV_COLLECT_STATISTICS)) data/tbb-2020.3/src/tbbmalloc/tbbmalloc_internal.h:370:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *envVal = getenv(envName); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:251:16: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. return LoadLibrary( name ); data/tbb-2020.3/src/test/harness.h:114:13: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&my_critical_section); data/tbb-2020.3/src/test/harness.h:846:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return std::getenv(envname); data/tbb-2020.3/src/test/harness.h:853:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if( const char* s = std::getenv(envname) ){ data/tbb-2020.3/src/test/harness_dynamic_libs.h:84:14: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. return ::LoadLibrary(name); data/tbb-2020.3/src/test/test_fast_random.cpp:81:39: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. tbb::internal::FastRandom random( seed ); data/tbb-2020.3/src/test/test_fast_random.cpp:84:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ASSERT((random.c&1)!=0, "c is relatively prime to m"); data/tbb-2020.3/src/test/test_fast_random.cpp:85:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ASSERT((random.a-1)%4==0, "a-1 is a multiple of p, for every prime p dividing m." data/tbb-2020.3/src/test/test_fast_random.cpp:98:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uintptr_t idx = random.get() % randomRange; data/tbb-2020.3/src/test/test_fast_random.cpp:113:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int idx = random.get() % randomRange; data/tbb-2020.3/src/test/test_malloc_compliance.cpp:205:13: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((UINT)time(NULL)); data/tbb-2020.3/src/test/test_malloc_overload.cpp:391:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ASSERT(getenv("PATH"), "We assume that PATH is set everywhere."); data/tbb-2020.3/src/test/test_malloc_overload.cpp:392:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *pathCopy = strdup(getenv("PATH")); data/tbb-2020.3/src/test/test_malloc_overload.cpp:394:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ASSERT(strcmp(pathCopy,getenv("PATH")) == 0, "strdup workaround does not work as expected."); data/tbb-2020.3/src/test/test_malloc_overload.cpp:397:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ASSERT(!getenv(newEnvName), "Environment variable should not be used before."); data/tbb-2020.3/src/test/test_malloc_overload.cpp:400:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *path = getenv("PATH"); data/tbb-2020.3/src/test/test_malloc_whitebox.cpp:1053:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(1234); data/tbb-2020.3/src/test/test_model_plugin.cpp:104:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(2); data/tbb-2020.3/src/test/test_model_plugin.cpp:160:12: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hLib = LoadLibrary("irml.dll"); data/tbb-2020.3/src/test/test_model_plugin.cpp:162:16: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hLib = LoadLibrary("irml_debug.dll"); data/tbb-2020.3/src/test/test_task_arena.cpp:856:81: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. HeavyMixTestBody( tbb::enumerable_thread_specific<Harness::FastRandom>& random, data/tbb-2020.3/src/test/test_task_arena.cpp:858:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. : myRandom( random ), myIsolatedLevel( isolated_level ) data/tbb-2020.3/src/test/test_task_arena.cpp:886:62: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. tbb::enumerable_thread_specific<Harness::FastRandom> random( init_random ); data/tbb-2020.3/src/test/test_task_arena.cpp:889:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. HeavyMixTestBody b( random, isolated_level, 1 ); data/tbb-2020.3/src/test/test_task_scheduler_init.cpp:115:13: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. using ::srand; data/tbb-2020.3/src/test/test_task_scheduler_init.cpp:333:10: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::srand(2); data/tbb-2020.3/src/test/test_tbb_version.cpp:117:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ( getenv("TBB_VERSION") ){ data/tbb-2020.3/src/test/test_tbb_version.cpp:152:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ( !getenv("TBB_VERSION") ){ data/tbb-2020.3/examples/common/gui/winvideo.h:204:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256], n = _snprintf(buffer, 128, "%s: %d fps", v->title, int(double(g_fps + g_skips)/sec)); data/tbb-2020.3/examples/common/gui/xvideo.cpp:103:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[256]; XGetErrorText(dpy_, x_error, err, 255); data/tbb-2020.3/examples/common/gui/xvideo.cpp:203:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[256]; XGetErrorText(dpy, x_error, err, 255); data/tbb-2020.3/examples/common/gui/xvideo.cpp:334:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; snprintf(buffer, 256, "%s%s: %d fps", title, updating?"":" (no updating)", int(fps/sec)); data/tbb-2020.3/examples/graph/cholesky/cholesky.cpp:171:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( A0, A, sizeof( double )*n*n ); data/tbb-2020.3/examples/graph/cholesky/cholesky.cpp:289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[4]; data/tbb-2020.3/examples/graph/cholesky/init.cpp:63:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen( fname, "r" ); data/tbb-2020.3/examples/graph/cholesky/init.cpp:99:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen( fname, "w" ); data/tbb-2020.3/examples/graph/dining_philosophers/dining_philosophers.cpp:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charbuf[100]; data/tbb-2020.3/examples/graph/dining_philosophers/dining_philosophers.cpp:78:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. std::sprintf(charbuf, "%d", NumPhilosophers); data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp:1438:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused[BZ_MAX_UNUSED]; data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp:1441:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode2[10] = ""; data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp:1473:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(path,mode2); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:372:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "rb"); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:394:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "rb"); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:420:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "wb" ); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:1202:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->data + *pos, out->data + backward, length); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:2425:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void lodepng_chunk_type(char type[5], const unsigned char* chunk) data/tbb-2020.3/examples/graph/stereo/lodepng.h:584:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char palette[1024]; /*Remembers up to the first 256 RGBA colors, in no particular order*/ data/tbb-2020.3/examples/graph/stereo/lodepng.h:708:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void lodepng_chunk_type(char type[5], const unsigned char* chunk); data/tbb-2020.3/examples/parallel_for/game_of_life/src/Evolution.cpp:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_matrix->data, m_dest, m_size); data/tbb-2020.3/examples/parallel_for/game_of_life/src/Game_of_life.cpp:97:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_matrix->data, src->m_matrix->data, m_height*m_width); data/tbb-2020.3/examples/parallel_for/polygon_overlay/polymain.cpp:66:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gCsvFile.open(fname_buf.c_str()); data/tbb-2020.3/examples/parallel_for/seismic/seismic_video.h:28:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name data/tbb-2020.3/examples/parallel_for/seismic/seismic_video.h:31:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const titles[2]; data/tbb-2020.3/examples/parallel_for/seismic/universe.h:79:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char material[MaxHeight][MaxWidth]; data/tbb-2020.3/examples/parallel_for/tachyon/src/api.h:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imap[96]; /* name of image map */ data/tbb-2020.3/examples/parallel_for/tachyon/src/jpeg.cpp:81:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ifp = fopen(name, "rb")) == NULL) data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* model file to render */ data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfilename[1024]; /* name of output image file */ data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char camfilename[1024]; /* camera filename */ data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:249:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (name, " (DEBUG BUILD)"); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:118:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static errcode add_texture(void * tex, char name[TEXNAMELEN]) { data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:132:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void * find_texture(char name[TEXNAMELEN]) { data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[255]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:212:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dfile=fopen(modelfile,"r"); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfilename[200]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:257:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (outfilename, "NUL:"); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char objtype[80]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char texname[TEXNAMELEN]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:406:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char texname[TEXNAMELEN]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:407:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aliasname[TEXNAMELEN]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[255]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:432:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[255]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:662:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[255]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:800:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[255]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:825:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ifp=fopen(ifname, "r")) == NULL) { data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.h:72:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[TEXNAMELEN]; data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.h:81:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static errcode add_texture(void * tex, char name[TEXNAMELEN]); data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.cpp:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[200]; data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.cpp:92:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[200]; data/tbb-2020.3/examples/parallel_for/tachyon/src/ppm.cpp:98:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifp=fopen(name, "r"); data/tbb-2020.3/examples/parallel_for/tachyon/src/tachyon_video.cpp:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:66:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofp=fopen(name, "w+b"); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:68:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgtxt[2048]; data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:104:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofp=fopen(filename, "r+b"); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgtxt[2048]; data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgtxt[256]; data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:139:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msgtxt, "File write problem, %d bytes written.", (int)numbytes); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:157:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifp=fopen(name, "r"); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:204:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copytmp, &((*imgdata)[rowsize*i]), rowsize); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:205:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(*imgdata)[rowsize*i], &(*imgdata)[rowsize*(height - 1 - i)], rowsize); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:206:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(*imgdata)[rowsize*(height - 1 - i)], copytmp, rowsize); data/tbb-2020.3/examples/parallel_for/tachyon/src/trace_rest.cpp:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgtxt[2048]; data/tbb-2020.3/examples/parallel_for/tachyon/src/trace_rest.cpp:113:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msgtxt, "Node %3d tracing region %4d, %4d ---> %4d, %4d \n", 0, startx,starty,stopx,stopy); data/tbb-2020.3/examples/parallel_for/tachyon/src/types.h:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[96]; /* image filename (with path) */ data/tbb-2020.3/examples/parallel_for/tachyon/src/types.h:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[96]; /* Volume data filename */ data/tbb-2020.3/examples/parallel_for/tachyon/src/types.h:183:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfilename[200]; /* name of the output image */ data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp:279:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgtxt[2048]; data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp:281:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dfile=fopen(vol->name, "r"); data/tbb-2020.3/examples/parallel_for/tachyon/src/vol.cpp:283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgtxt[2048]; data/tbb-2020.3/examples/pipeline/square/gen_input.cpp:36:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptr = fopen(fname, "w"); data/tbb-2020.3/examples/pipeline/square/square.cpp:67:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( logical_end, first, last-first ); data/tbb-2020.3/examples/pipeline/square/square.cpp:147:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(q, "%ld", y); data/tbb-2020.3/examples/pipeline/square/square.cpp:181:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* input_file = fopen( InputFileName.c_str(), "r" ); data/tbb-2020.3/examples/pipeline/square/square.cpp:186:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* output_file = fopen( OutputFileName.c_str(), "w" ); data/tbb-2020.3/examples/task_group/sudoku/sudoku.cpp:56:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/tbb-2020.3/include/tbb/concurrent_priority_queue.h:360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding1[NFS_MaxLineSize - sizeof(aggregator_t)]; data/tbb-2020.3/include/tbb/concurrent_priority_queue.h:366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding2[NFS_MaxLineSize - (2*sizeof(size_type)) - sizeof(Compare)]; data/tbb-2020.3/include/tbb/enumerable_thread_specific.h:763:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char yes[1]; data/tbb-2020.3/include/tbb/enumerable_thread_specific.h:764:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char no [2]; data/tbb-2020.3/include/tbb/internal/_concurrent_queue_impl.h:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad1[NFS_MaxLineSize-sizeof(atomic<ticket>)]; data/tbb-2020.3/include/tbb/internal/_concurrent_queue_impl.h:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad2[NFS_MaxLineSize-sizeof(atomic<ticket>)]; data/tbb-2020.3/include/tbb/internal/_concurrent_queue_impl.h:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad3[NFS_MaxLineSize-sizeof(size_t)-sizeof(size_t)-sizeof(atomic<size_t>)]; data/tbb-2020.3/include/tbb/internal/_flow_graph_types_impl.h:392:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char first[sizeof(T1)]; data/tbb-2020.3/include/tbb/internal/_flow_graph_types_impl.h:394:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fill1[REM]; data/tbb-2020.3/include/tbb/internal/_flow_graph_types_impl.h:399:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char first[sizeof(T1)]; data/tbb-2020.3/include/tbb/internal/_flow_graph_types_impl.h:485:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_space[space_size]; data/tbb-2020.3/include/tbb/internal/_x86_rtm_rw_mutex_impl.h:211:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[speculation_granularity-sizeof(spin_rw_mutex)]; // padding data/tbb-2020.3/include/tbb/task.h:424:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _leading_padding[internal::NFS_MaxLineSize data/tbb-2020.3/include/tbb/task.h:467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _trailing_padding[internal::NFS_MaxLineSize - 2 * sizeof(uintptr_t) - 2 * sizeof(void*) data/tbb-2020.3/include/tbb/tbb_stddef.h:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[S - R]; data/tbb-2020.3/python/rml/ipc_server.cpp:144:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( templ + strlen( IPC_ACTIVE_SEM_PREFIX ), "_XXXXXX" ); data/tbb-2020.3/python/rml/ipc_server.cpp:157:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( templ + strlen( IPC_STOP_SEM_PREFIX ), "_XXXXXX" ); data/tbb-2020.3/python/rml/ipc_server.cpp:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[cache_line_size - sizeof(ipc_worker)%cache_line_size]; data/tbb-2020.3/python/rml/ipc_utils.cpp:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stat_file_path[MAX_STR_LEN + 1]; data/tbb-2020.3/python/rml/ipc_utils.cpp:64:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* stat_file = fopen( stat_file_path, "rt" ); data/tbb-2020.3/python/rml/ipc_utils.cpp:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stat_line[MAX_STR_LEN + 1]; data/tbb-2020.3/src/old/concurrent_queue_v2.cpp:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad1[NFS_MaxLineSize-sizeof(atomic<ticket>)]; data/tbb-2020.3/src/old/concurrent_queue_v2.cpp:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad2[NFS_MaxLineSize-sizeof(atomic<ticket>)]; data/tbb-2020.3/src/perf/perf.cpp:238:39: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f = histogramFileName ? fopen(histogramFileName, "wt") : stdout; data/tbb-2020.3/src/perf/perf.cpp:667:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char WorkloadName[MaxWorkloadNameLen + 1]; data/tbb-2020.3/src/perf/perf.cpp:727:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( WorkloadName, "%d", w ); data/tbb-2020.3/src/perf/perf.cpp:764:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ResFile = fopen( theSettings.my_resFile, "w" ); data/tbb-2020.3/src/perf/statistics.cpp:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/tbb-2020.3/src/perf/statistics.cpp:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[16]; data/tbb-2020.3/src/perf/statistics.cpp:193:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[8]; snprintf(fmt, 7, "|%% %us", unsigned(max(size_t(3), t->size()))); data/tbb-2020.3/src/perf/statistics.cpp:209:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((OutputFile = fopen((Name+file_suffix+file_ext).c_str(), append?"at":"wt")) == NULL) { data/tbb-2020.3/src/perf/statistics.cpp:284:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((OutputFile = fopen((Name+file_suffix+".html").c_str(), "w+t")) == NULL) { data/tbb-2020.3/src/perf/statistics.cpp:287:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TimerBuff[100], DateBuff[100]; data/tbb-2020.3/src/perf/statistics.cpp:367:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((OutputFile = fopen((Name+file_suffix+".xml").c_str(), "w+t")) == NULL) { data/tbb-2020.3/src/perf/statistics.cpp:371:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char UserName[100]; data/tbb-2020.3/src/perf/statistics.cpp:372:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TimerBuff[100], DateBuff[100]; data/tbb-2020.3/src/perf/statistics.h:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[size]; memset(name, 0, size); \ data/tbb-2020.3/src/perf/time_fibonacci_cutoff.cpp:103:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int P = atoi(argv[1]); data/tbb-2020.3/src/perf/time_fibonacci_cutoff.cpp:104:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). volatile long n = atol(argv[2]); data/tbb-2020.3/src/perf/time_fibonacci_cutoff.cpp:105:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int T = atoi(argv[3]); data/tbb-2020.3/src/perf/time_framework.h:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[128 - sizeof(arg_t) - sizeof(int)*2 - sizeof(void*)*2 ]; data/tbb-2020.3/src/perf/time_hash_map_fill.cpp:152:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MAX_TABLE_SIZE = atoi(getenv("TABLE_SIZE")); data/tbb-2020.3/src/perf/time_parallel_for_each.cpp:59:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int N = argc > 1 ? std::atoi( argv[1] ) : 10 * 1000; data/tbb-2020.3/src/perf/time_parallel_for_each.cpp:60:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int numRepeats = argc > 2 ? std::atoi( argv[2] ) : 10; data/tbb-2020.3/src/rml/client/rml_factory.h:49:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ::rml::factory::status_type FACTORY::open() { data/tbb-2020.3/src/rml/include/rml_omp.h:109:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). status_type open(); data/tbb-2020.3/src/rml/include/rml_tbb.h:79:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). status_type open(); data/tbb-2020.3/src/rml/perfor/thread_level.h:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errStr[100]; data/tbb-2020.3/src/rml/perfor/thread_level.h:85:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errStr, "ERROR: Number of threads (%d+%d+%d+%d=%d) in use exceeds maximum (%d).\n", data/tbb-2020.3/src/rml/perfor/thread_level.h:102:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f = fopen("time.txt","w"); data/tbb-2020.3/src/rml/server/rml_server.cpp:567:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[cache_line_size - sizeof(T)%cache_line_size]; data/tbb-2020.3/src/rml/test/test_rml_mixed.cpp:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[PATH_LEN+1]; data/tbb-2020.3/src/rml/test/test_rml_mixed.cpp:132:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). factory.open(); data/tbb-2020.3/src/rml/test/test_rml_mixed.cpp:171:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f = fopen("time.txt","w"); data/tbb-2020.3/src/rml/test/test_rml_tbb.cpp:160:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). MyFactory::status_type status = factory.open(); data/tbb-2020.3/src/rml/test/test_rml_tbb.cpp:180:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). factory.open(); data/tbb-2020.3/src/rml/test/test_server.h:326:52: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). typename Factory::status_type status = factory.open(); data/tbb-2020.3/src/rml/test/test_server.h:405:52: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). typename Factory::status_type status = factory.open(); data/tbb-2020.3/src/tbb/concurrent_queue.cpp:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad1[NFS_MaxLineSize-((sizeof(atomic<ticket>)+sizeof(concurrent_monitor)+sizeof(atomic<size_t>))&(NFS_MaxLineSize-1))]; data/tbb-2020.3/src/tbb/concurrent_queue.cpp:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad2[NFS_MaxLineSize-((sizeof(atomic<ticket>)+sizeof(concurrent_monitor))&(NFS_MaxLineSize-1))]; data/tbb-2020.3/src/tbb/dynamic_link.cpp:149:9: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR wlibrary[256]; data/tbb-2020.3/src/tbb/dynamic_link.cpp:150:14: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if ( MultiByteToWideChar(CP_UTF8, 0, library, -1, wlibrary, 255) == 0 ) return false; data/tbb-2020.3/src/tbb/dynamic_link.cpp:259:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _path[PATH_MAX+1]; data/tbb-2020.3/src/tbb/dynamic_link.cpp:514:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[ len ]; data/tbb-2020.3/src/tbb/governor.cpp:243:59: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ::rml::factory::status_type res = theRMLServerFactory.open(); data/tbb-2020.3/src/tbb/private_server.cpp:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[cache_line_size - sizeof(private_worker)%cache_line_size]; data/tbb-2020.3/src/tbb/scheduler.h:484:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _padding1[NFS_MaxLineSize - sizeof(context_list_node_t)]; data/tbb-2020.3/src/tbb/scheduler_utility.h:95:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dst, m_cur_segment + m_pos, sz * sizeof(T) ); data/tbb-2020.3/src/tbb/scheduler_utility.h:99:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dst, m_segments[i], sz * sizeof(T) ); data/tbb-2020.3/src/tbb/tbb_assert_impl.h:87:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; memset(str, 0, 1024); data/tbb-2020.3/src/tbb/tbb_main.cpp:34:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char _pad[NFS_MaxLineSize - sizeof(int)] = {}; data/tbb-2020.3/src/tbb/tbb_misc.cpp:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/tbb-2020.3/src/tbb/tbb_misc.cpp:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/tbb-2020.3/src/tbb/tbb_misc.cpp:213:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; memset(str, 0, 1024); data/tbb-2020.3/src/tbb/tbb_misc_ex.cpp:217:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/sys/devices/system/cpu/present", "r"); data/tbb-2020.3/src/tbb/tbb_statistics.cpp:61:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). my_file = fopen("statistics.txt","w"); data/tbb-2020.3/src/tbb/tools_api/ittnotify_config.h:431:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char magic[8]; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:231:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char dll_path[PATH_MAX] = { 0 }; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:773:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char env_buff[MAX_ENV_VALUE_SIZE]; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:835:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_wide_marker_filename[PATH_MAX] = {0}; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:845:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). itt_marker_file_fd = open(system_wide_marker_filename, O_RDONLY); data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:850:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline_path[PATH_MAX] = {0}; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:851:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char package_name[PATH_MAX] = {0}; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:852:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char app_sandbox_file[PATH_MAX] = {0}; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:864:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cmdline_fd = open(cmdline_path, O_RDONLY); data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:896:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). itt_marker_file_fd = open(app_sandbox_file, O_RDONLY); data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:905:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char itt_lib_name[PATH_MAX] = {0}; data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:954:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gr[255]; data/tbb-2020.3/src/tbbmalloc/Statistics.h:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100]; data/tbb-2020.3/src/tbbmalloc/Statistics.h:83:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "stat_ScalableMalloc_proc%04d_thr%04d.log", getpid(), thread); data/tbb-2020.3/src/tbbmalloc/Statistics.h:85:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(filename, "stat_ScalableMalloc_thr%04d.log", thread); data/tbb-2020.3/src/tbbmalloc/Statistics.h:87:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* outfile = fopen(filename, "w"); data/tbb-2020.3/src/tbbmalloc/frontend.cpp:2426:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, ptr, copySize < newSize ? copySize : newSize); data/tbb-2020.3/src/tbbmalloc/frontend.cpp:3022:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, ptr, sz<oldSize? sz : oldSize); data/tbb-2020.3/src/tbbmalloc/frontend.cpp:3152:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, ptr, size<oldSize? size : oldSize); data/tbb-2020.3/src/tbbmalloc/proxy.cpp:701:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sz]; data/tbb-2020.3/src/tbbmalloc/shared_utils.h:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_LINE_SIZE]; data/tbb-2020.3/src/tbbmalloc/shared_utils.h:118:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (FILE *f = fopen(file, "r")) { data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:57:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *records[RECORDS_COUNT + 1]; data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opcodeString[2*MAX_PATTERN_SIZE+1]; data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:277:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( opcodeString + 2*i, "%.2X", *((unsigned char*)inpAddr+i) ); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:313:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Addrint2Ptr(address), &value, sizeof(value)); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:343:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*storedAddr, codePtr, bytesToMove); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:350:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((UCHAR*)(trampAddr+bytesToMove+1), &offset32, sizeof(offset32)); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:359:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(codePtr+1, &offset32, sizeof(offset32)); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:405:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*storedAddr, codePtr, bytesToMove); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:412:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((UCHAR*)(trampAddr+bytesToMove+1), &offset32, sizeof(offset32)); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:420:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(codePtr+2, &offset32, sizeof(offset32)); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:483:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cachedName[MAX_PATH+1]; data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:523:12: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static wchar_t cachedName[MAX_PATH+1]; data/tbb-2020.3/src/tbbmalloc/tbbmalloc_internal.h:639:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scoped_lock_space[sizeof(MallocMutex::scoped_lock)+1]; data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:268:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[ 2048 ]; // Note: statically allocated buffer. data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:440:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( symbol.addr, addr, symbol.size ); data/tbb-2020.3/src/test/harness.h:169:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. union { SYMBOL_INFO sym; char pad[sizeof(SYMBOL_INFO)+len]; }; data/tbb-2020.3/src/test/harness_dynamic_libs.h:80:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR wlibrary[MAX_PATH]; data/tbb-2020.3/src/test/harness_dynamic_libs.h:81:10: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if ( MultiByteToWideChar(CP_UTF8, 0, name, -1, wlibrary, MAX_PATH) == 0 ) return false; data/tbb-2020.3/src/test/harness_memory.h:68:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fst = fopen("/proc/self/status", "r"); data/tbb-2020.3/src/test/harness_memory.h:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_stat[BUF_SZ]; data/tbb-2020.3/src/test/harness_memory.h:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x[1000]; data/tbb-2020.3/src/test/harness_report.h:103:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[MAX_TRACE_SIZE]; data/tbb-2020.3/src/test/harness_report.h:104:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_fmt_buf[MAX_TRACE_SIZE]; data/tbb-2020.3/src/test/test_ScalableAllocator.cpp:181:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024*1024*4]; data/tbb-2020.3/src/test/test_ScalableAllocator.cpp:207:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[8*1024*1024]; data/tbb-2020.3/src/test/test_ScalableAllocator_STL.cpp:35:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024*1024*4]; data/tbb-2020.3/src/test/test_allocator.h:80:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int devNull = open("/dev/null", O_WRONLY); data/tbb-2020.3/src/test/test_atomic.cpp:681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char array[1000]; data/tbb-2020.3/src/test/test_atomic.cpp:963:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char item[N]; data/tbb-2020.3/src/test/test_atomic.cpp:1120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_space[2*sizeof(T) -1]; data/tbb-2020.3/src/test/test_atomic.cpp:1140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[4096/sizeof(T)]; data/tbb-2020.3/src/test/test_blocked_range.cpp:86:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Array[N]; data/tbb-2020.3/src/test/test_blocked_range2d.cpp:109:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Array[N][N]; data/tbb-2020.3/src/test/test_blocked_range3d.cpp:135:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Array[N][N][N]; data/tbb-2020.3/src/test/test_concurrent_priority_queue.cpp:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[tbb::internal::NFS_MaxLineSize - sizeof(int) % tbb::internal::NFS_MaxLineSize]; data/tbb-2020.3/src/test/test_container_move_support.h:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserve[1]; data/tbb-2020.3/src/test/test_eh_flow_graph.cpp:528:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mymsg[132]; data/tbb-2020.3/src/test/test_enumerable_thread_specific.cpp:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[N-sizeof(int) - sizeof(bool)]; data/tbb-2020.3/src/test/test_enumerable_thread_specific.cpp:1312:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_data[12 * 1024 * 1024]; data/tbb-2020.3/src/test/test_malloc_compliance.cpp:384:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, master+start, size); data/tbb-2020.3/src/test/test_malloc_overload.cpp:282:47: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return new_str ? reinterpret_cast<char *>(memcpy(new_str, str, len)) : 0; data/tbb-2020.3/src/test/test_malloc_overload.cpp:320:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[minLargeObjectSize]; data/tbb-2020.3/src/test/test_malloc_regression.cpp:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p[NUM]; data/tbb-2020.3/src/test/test_malloc_whitebox.cpp:349:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char space[BUF_SIZE]; data/tbb-2020.3/src/test/test_parallel_for.cpp:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[Pad]; data/tbb-2020.3/src/test/test_parallel_scan.cpp:54:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char AddendHistory[MAXN]; data/tbb-2020.3/src/test/test_parallel_sort.cpp:297:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/tbb-2020.3/src/test/test_parallel_sort.cpp:302:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%f", float(sin(float(i)))); data/tbb-2020.3/src/test/test_tagged_msg.cpp:41:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char odd_array_type[15]; data/tbb-2020.3/src/test/test_tagged_msg.cpp:42:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char odder_array[17]; data/tbb-2020.3/src/test/test_task.cpp:47:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. volatile char padding[paddingSize]; data/tbb-2020.3/src/test/test_task.cpp:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char space[N]; data/tbb-2020.3/src/test/test_task_steal_limit.cpp:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char map2[1024*1024*2]; data/tbb-2020.3/src/test/test_tbb_version.cpp:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psBuffer[psBuffer_len]; data/tbb-2020.3/src/test/test_tbb_version.cpp:125:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream_err = fopen( stderr_stream, "r" ); data/tbb-2020.3/src/test/test_tbb_version.cpp:137:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream_out = fopen( stdout_stream, "r" ); data/tbb-2020.3/src/test/test_tbb_version.cpp:167:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream_out = fopen( stdout_stream, "r" ); data/tbb-2020.3/src/test/test_tbb_version.cpp:180:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream_err = fopen( stderr_stream, "r" ); data/tbb-2020.3/examples/common/gui/macvideo.cpp:54:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( window_title, title, WINDOW_TITLE_SIZE-1 ); data/tbb-2020.3/examples/common/gui/macvideo.cpp:141:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( window_title, title, WINDOW_TITLE_SIZE ); data/tbb-2020.3/examples/common/utility/utility.h:239:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char * const end=begin+std::strlen(argv[j]); data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp:956:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Int32 c = fgetc ( f ); data/tbb-2020.3/examples/graph/fgbzip2/bzlib.cpp:1466:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mode2,"b"); /* binary mode */ data/tbb-2020.3/examples/graph/fgbzip2/fgbzip2.cpp:104:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_inputStream.read(buffer.b, m_chunkSize); data/tbb-2020.3/examples/graph/logic_sim/basics.h:31:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(msec*1000); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:323:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t insize = strlen(in), i; data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:2434:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(type) != 4) return 0; data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:5009:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t i, textsize = strlen(textstring); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:5036:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t i, textsize = strlen(textstring); data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:5751:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(info.text_keys[i]) > 79) data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:5756:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(info.text_keys[i]) < 1) data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:5790:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(info.itext_keys[i]) > 79) data/tbb-2020.3/examples/graph/stereo/lodepng.cpp:5795:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(info.itext_keys[i]) < 1) data/tbb-2020.3/examples/parallel_for/polygon_overlay/pover_video.cpp:31:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(msec*1000); data/tbb-2020.3/examples/parallel_for/tachyon/src/imap.cpp:148:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=strlen(filename); data/tbb-2020.3/examples/parallel_for/tachyon/src/main.cpp:245:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (name, " "); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:86:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s=strlen(a); data/tbb-2020.3/examples/parallel_for/tachyon/src/parse.cpp:87:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(b); data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:163:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* ID length */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:164:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* colormap type */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:165:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). format = getc(ifp); /* image type */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:166:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* color map origin */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:167:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* color map origin */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:168:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* color map length */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:169:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* color map length */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:170:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* color map entry size */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:171:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* x origin */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:172:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* x origin */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:173:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* y origin */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:174:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ifp); /* y origin */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:175:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). w1 = getc(ifp); /* width (low) */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:176:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). w2 = getc(ifp); /* width (hi) */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:177:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). h1 = getc(ifp); /* height (low) */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:178:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). h2 = getc(ifp); /* height (hi) */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:179:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). depth = getc(ifp); /* image pixel size */ data/tbb-2020.3/examples/parallel_for/tachyon/src/tgafile.cpp:180:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). flags = getc(ifp); /* image descriptor byte */ data/tbb-2020.3/examples/parallel_for/tachyon/src/util.cpp:65:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(msec*1000); data/tbb-2020.3/examples/test_all/fibonacci/Fibonacci.cpp:192:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal( const int j, const int k ) const { return j == k; } data/tbb-2020.3/include/tbb/concurrent_hash_map.h:693:48: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. while( is_valid(n) && !my_hash_compare.equal(key, n->value().first) ) data/tbb-2020.3/include/tbb/concurrent_hash_map.h:1397:48: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. while( is_valid(n) && !my_hash_compare.equal(key, static_cast<node*>(n)->value().first ) ) { data/tbb-2020.3/include/tbb/flow_graph_opencl_node.h:1285:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file_descriptor.read( begin, length ); data/tbb-2020.3/include/tbb/internal/_flow_graph_tagged_buffer_impl.h:212:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if(this->equal((*my_key)(*pv), k)) { data/tbb-2020.3/include/tbb/internal/_flow_graph_tagged_buffer_impl.h:236:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if(this->equal((*my_key)(*vp), k)) { data/tbb-2020.3/include/tbb/internal/_tbb_hash_compare_impl.h:101:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal( const Key& a, const Key& b ) { return a == b; } data/tbb-2020.3/python/rml/ipc_server.cpp:107:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( value!=NULL && strlen( value )>0 ) { data/tbb-2020.3/python/rml/ipc_server.cpp:108:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* sem_name = new char[strlen( value ) + 1]; data/tbb-2020.3/python/rml/ipc_server.cpp:119:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( value!=NULL && strlen( value )>0 ) { data/tbb-2020.3/python/rml/ipc_server.cpp:120:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* sem_name = new char[strlen( value ) + 1]; data/tbb-2020.3/python/rml/ipc_server.cpp:141:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* templ = new char[strlen( IPC_ACTIVE_SEM_PREFIX ) + strlen( "_XXXXXX" ) + 1]; data/tbb-2020.3/python/rml/ipc_server.cpp:141:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* templ = new char[strlen( IPC_ACTIVE_SEM_PREFIX ) + strlen( "_XXXXXX" ) + 1]; data/tbb-2020.3/python/rml/ipc_server.cpp:144:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy( templ + strlen( IPC_ACTIVE_SEM_PREFIX ), "_XXXXXX" ); data/tbb-2020.3/python/rml/ipc_server.cpp:154:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* templ = new char[strlen( IPC_STOP_SEM_PREFIX ) + strlen( "_XXXXXX" ) + 1]; data/tbb-2020.3/python/rml/ipc_server.cpp:154:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* templ = new char[strlen( IPC_STOP_SEM_PREFIX ) + strlen( "_XXXXXX" ) + 1]; data/tbb-2020.3/python/rml/ipc_server.cpp:157:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy( templ + strlen( IPC_STOP_SEM_PREFIX ), "_XXXXXX" ); data/tbb-2020.3/python/rml/ipc_utils.cpp:93:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( name_template ) + strlen( prefix ) + digits_in_int + digits_in_long + 1; data/tbb-2020.3/python/rml/ipc_utils.cpp:93:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( name_template ) + strlen( prefix ) + digits_in_int + digits_in_long + 1; data/tbb-2020.3/src/perf/perf.cpp:673:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TitleFieldLen = strlen( TestNameColumnTitle ); data/tbb-2020.3/src/perf/perf.cpp:674:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WorkloadFieldLen = strlen( WorkloadNameColumnTitle ); data/tbb-2020.3/src/perf/perf.cpp:696:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TitleFieldLen = max( TitleFieldLen, strlen(tr.my_testName) ); data/tbb-2020.3/src/perf/perf.cpp:728:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(WorkloadName); data/tbb-2020.3/src/perf/time_hash_map.cpp:66:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal( int x, int y ) const { return x==y; } data/tbb-2020.3/src/rml/perfor/omp_nested.cpp:39:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep( milliseconds*1000 ); data/tbb-2020.3/src/rml/perfor/omp_simple.cpp:44:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep( milliseconds*1000 ); data/tbb-2020.3/src/rml/perfor/tbb_multi_omp.cpp:44:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep( milliseconds*1000 ); data/tbb-2020.3/src/rml/perfor/tbb_simple.cpp:43:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep( milliseconds*1000 ); data/tbb-2020.3/src/tbb/dynamic_link.cpp:328:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ap_data._len = strlen( ap_data._path ); data/tbb-2020.3/src/tbb/dynamic_link.cpp:339:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ap_data._path+rc, dlinfo.dli_fname, fname_len ); data/tbb-2020.3/src/tbb/dynamic_link.cpp:367:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_len = strlen( name ); data/tbb-2020.3/src/tbb/task_group_context.cpp:34:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(src) + 1; data/tbb-2020.3/src/tbb/task_group_context.cpp:36:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (dst, src, len); data/tbb-2020.3/src/tbb/tbb_main.cpp:334:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_length = strlen( value ); data/tbb-2020.3/src/tbb/tools_api/ittnotify_config.h:292:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __itt_fstrnlen(s, l) strlen(s) data/tbb-2020.3/src/tbb/tools_api/ittnotify_config.h:303:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s1, s2, num_to_copy); \ data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:870:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res = read(cmdline_fd, package_name, PATH_MAX - 1); data/tbb-2020.3/src/tbb/tools_api/ittnotify_static.c:907:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res = read(itt_marker_file_fd, itt_lib_name, PATH_MAX - 1); data/tbb-2020.3/src/tbbmalloc/proxy.cpp:233:14: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. void *PREFIX(memalign)(ZONE_ARG size_t alignment, size_t size) __THROW data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:267:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (i=strlen(*(opcodes + opcodesStringsCount))) > maxOpcodesLength ) data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:333:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytesToMove = strlen(pattern)/2-1; // The last byte matching the pattern must not be copied data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:395:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytesToMove = strlen(pattern)/2-1; // The last byte matching the pattern must not be copied data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:501:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cachedName, dllName, MAX_PATH); data/tbb-2020.3/src/tbbmalloc/tbb_function_replacement.cpp:541:9: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(cachedName, dllName, MAX_PATH); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:191:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen( str ); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:424:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __TBB_ASSERT( strlen( name ) + 1 == size_t( symbol.size ), "Unexpected size of typeinfo name" ); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:426:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( reinterpret_cast< char * >( symbol.addr ), name, symbol.size ); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:510:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(tbb_dll_name); data/tbb-2020.3/src/tbbproxy/tbbproxy.cpp:514:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(path[i]) + namelen + 2; // 1 for slash and 1 for null terminator data/tbb-2020.3/src/test/harness.h:829:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(envname), valuelen = strlen(envval); data/tbb-2020.3/src/test/harness.h:829:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(envname), valuelen = strlen(envval); data/tbb-2020.3/src/test/harness.h:831:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, envname, namelen); data/tbb-2020.3/src/test/harness.h:833:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf+namelen+1, envval, valuelen); data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:64:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal( UserDefinedKeyType /*x*/, UserDefinedKeyType /*y*/ ) {return true;} data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:185:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal( const MyKey& j, const MyKey& k ) const { data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:195:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal( const MyKey& j, const MyKey& k ) const { data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:1305:21: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal( const std::shared_ptr<int>& ptr1, const std::shared_ptr<int>& ptr2 ) { return ptr1 == ptr2; } data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:1309:21: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal( const std::weak_ptr<int>& ptr1, const std::weak_ptr<int>& ptr2 ) { return ptr1.lock() == ptr2.lock(); } data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:1372:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal( const T& lhs, const T& rhs ) const { data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:1386:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(hash_map_type const& c, iterator begin, iterator end){ data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:1529:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(const allocator_aware_data<Allocator>& key1, const allocator_aware_data<Allocator>& key2) { data/tbb-2020.3/src/test/test_concurrent_hash_map.cpp:1530:44: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return tbb::tbb_hash_compare<int>::equal(key1.value(), key2.value()); data/tbb-2020.3/src/test/test_concurrent_ordered_common.h:180:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(ordered_type const& c, iterator begin, iterator end){ data/tbb-2020.3/src/test/test_concurrent_unordered_common.h:131:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(unordered_type const& c, iterator begin, iterator end){ data/tbb-2020.3/src/test/test_concurrent_vector.cpp:759:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ASSERT( std::equal( v.begin(), v.end(), init_range ), "grow_by(I,I) did not properly copied all elements ?" ); data/tbb-2020.3/src/test/test_concurrent_vector.cpp:905:37: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return equal_sizes && std::equal(c.begin(), c.end(), begin); data/tbb-2020.3/src/test/test_concurrent_vector.cpp:1125:30: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ASSERT_IN_TEST( std::equal(victim.begin(), victim.begin() + planned_victim_size, src.begin()), "failed to properly copy items before the exception?", test_name ); data/tbb-2020.3/src/test/test_container_move_support.h:519:43: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ASSERT_IN_TEST( container_traits::equal(dst, init_iterator_type(0), init_iterator_type(container_size)), msg.c_str(), test_name); data/tbb-2020.3/src/test/test_container_move_support.h:528:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ASSERT_IN_TEST(std::equal(dst.begin(), dst.begin() + number_of_constructed_items, init_iterator_type(0)), "content changed during move/copy ?", test_name); data/tbb-2020.3/src/test/test_fast_random.cpp:142:21: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return std::equal(series1,series1+seriesLen,series2); data/tbb-2020.3/src/test/test_handle_perror.cpp:36:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT( strlen(strstr(e.what(), strerror(EAGAIN))), "bad error message?" ); data/tbb-2020.3/src/test/test_malloc_overload.cpp:280:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str)+1; data/tbb-2020.3/src/test/test_malloc_overload.cpp:422:31: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. CheckMemalignFuncOverload(memalign, free); data/tbb-2020.3/src/test/test_parallel_for_vectorization.cpp:68:19: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ASSERT( !std::equal( array1, array1+N, array2 ), "The loop was not vectorized." ); ANALYSIS SUMMARY: Hits = 582 Lines analyzed = 215801 in approximately 5.47 seconds (39454 lines/second) Physical Source Lines of Code (SLOC) = 153959 Hits@level = [0] 501 [1] 113 [2] 234 [3] 98 [4] 137 [5] 0 Hits@level+ = [0+] 1083 [1+] 582 [2+] 469 [3+] 235 [4+] 137 [5+] 0 Hits/KSLOC@level+ = [0+] 7.03434 [1+] 3.78023 [2+] 3.04627 [3+] 1.52638 [4+] 0.889847 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.