stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/metacontour.cc
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/metacontour.h
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/cpoint.h
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/cap1.cc
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/capillary.cc
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/metacontour_main.cc
Examining data/texlive-base-2020.20200925/texmf-dist/doc/latex/metaplot/examples/cpoint.cc
Examining data/texlive-base-2020.20200925/texmf-dist/doc/generic/xypic/support/pnmrawtopcropwhite.c
Examining data/texlive-base-2020.20200925/texmf-dist/doc/fonts/eurosym/eurosym.cpp
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/SimpleDemoOGDF.c++
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/module/module_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/SplitHeuristic_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/SiftingHeuristic_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/LongestPathRanking_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/layered_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/OptimalRanking_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/SugiyamaLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/FastSimpleHierarchyLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/BarycenterHeuristic_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/MedianHeuristic_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/GreedyInsertHeuristic_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/FastHierarchyLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/GreedyCycleRemoval_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/CoffmanGrahamRanking_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/DfsAcyclicSubgraph_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/planarity/PlanarizationLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/planarity/planarity_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/ogdf_script.c++
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/SolarPlacer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/ZeroPlacer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/CirclePlacer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/IndependentSetMerger_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/EdgeCoverMerger_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/SolarMerger_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/LocalBiconnectedMerger_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/MatchingMerger_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/multilevelmixer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/RandomPlacer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/MedianPlacer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/BarycenterPlacer_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/multilevelmixer/RandomMerger_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/energybased_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/FastMultipoleEmbedder_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/FMMMLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/SpringEmbedderKK_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/SpringEmbedderFRExact_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/GEMLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/SpringEmbedderFR_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/energybased/MultilevelLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/InterfaceFromOGDF.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/misclayout/CircularLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/misclayout/misclayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/misclayout/BalloonLayout_script.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/InterfaceFromOGDF.c++
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC++.c++
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC++.h
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/examples/c/SimpleDemoC.c
Examining data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/examples/c/SimpleDemoCPlusPlus.c++

FINAL RESULTS:

data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:203:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  char* copy = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:234:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    char* copy = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:270:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	p->strings[i] = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:560:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  edge->path->strings[start] = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/ogdf/c/layered/SiftingHeuristic_script.h:22:32:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	h->strategy(SiftingHeuristic::random);
data/texlive-base-2020.20200925/texmf-dist/doc/fonts/eurosym/eurosym.cpp:33:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f=fopen ("eurosym.fig", "wt");
data/texlive-base-2020.20200925/texmf-dist/doc/generic/xypic/support/pnmrawtopcropwhite.c:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char magic[MAGICSIZE];
data/texlive-base-2020.20200925/texmf-dist/doc/generic/xypic/support/pnmrawtopcropwhite.c:54:17:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    switch (c = getchar()) {
data/texlive-base-2020.20200925/texmf-dist/doc/generic/xypic/support/pnmrawtopcropwhite.c:65:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    switch (c = getc(stdin)) {
data/texlive-base-2020.20200925/texmf-dist/doc/generic/xypic/support/pnmrawtopcropwhite.c:118:7:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (getchar() != '\n')
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:203:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* copy = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:234:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* copy = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:270:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p->strings[i] = strcpy((char*) malloc(strlen(s)+1), s);
data/texlive-base-2020.20200925/texmf-dist/source/generic/pgf/c/graphdrawing/pgf/gd/interface/c/InterfaceFromC.c:560:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  edge->path->strings[start] = strcpy((char*) malloc(strlen(s)+1), s);

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 5013 in approximately 1.27 seconds (3946 lines/second)
Physical Source Lines of Code (SLOC) = 3261
Hits@level = [0]   9 [1]   7 [2]   2 [3]   1 [4]   4 [5]   0
Hits@level+ = [0+]  23 [1+]  14 [2+]   7 [3+]   5 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 7.05305 [1+] 4.29316 [2+] 2.14658 [3+] 1.53327 [4+] 1.22662 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.