Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/smt-prep.c
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/check-rdrand-support.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/get_cpuid_v1_lix64.h
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/syscall-utils.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/rdrand.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/push.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/powOfTwo64.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/prefixSum.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/dataCopy/core.h
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/dataCopy/dataCopy.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/dataCopy/core.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/zeroCopy/readValues.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/zeroCopy/pageWalk1G.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/zeroCopy/modifyPagingEntry.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/micro-sat/micro-sat.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-input.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-file.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/nop-sequence/xchg.c
Examining data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp
Examining data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp
Examining data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp
Examining data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp
Examining data/acl2-8.3dfsg/books/projects/rac/examples/hello.cpp
Examining data/acl2-8.3dfsg/books/projects/rac/examples/imul/imul.cpp
Examining data/acl2-8.3dfsg/books/projects/rac/src/parser.h
Examining data/acl2-8.3dfsg/books/projects/rac/src/main.c
Examining data/acl2-8.3dfsg/books/projects/rac/src/output.c
Examining data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h
Examining data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h
Examining data/acl2-8.3dfsg/books/projects/rac/include/rac.h
Examining data/acl2-8.3dfsg/books/workshops/2020/hardin/sources/stk.cpp
Examining data/acl2-8.3dfsg/books/workshops/2020/hardin/sources/stk.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c
Examining data/acl2-8.3dfsg/books/workshops/2014/russinoff-oleary/support/imul.cpp
Examining data/acl2-8.3dfsg/books/workshops/2014/russinoff-oleary/support/rac.h
Examining data/acl2-8.3dfsg/books/unicode/test-performance/timing.c
Examining data/acl2-8.3dfsg/books/unicode/test-performance/timing.cpp
Examining data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/grovel/common.h
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest.c
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest2.c
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libfsbv.c
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/fourval.h
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/test_bits.cc
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/alu16.cc
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/bits.h
FINAL RESULTS:
data/acl2-8.3dfsg/books/projects/rac/src/main.c:18:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, argv[0]);
data/acl2-8.3dfsg/books/projects/rac/src/main.c:28:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, argv[0]);
data/acl2-8.3dfsg/books/projects/rac/src/output.c:116:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, s);
data/acl2-8.3dfsg/books/projects/rac/src/output.c:130:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, s);
data/acl2-8.3dfsg/books/projects/rac/src/output.c:316:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(RACname, m);
data/acl2-8.3dfsg/books/projects/rac/src/output.c:1384:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, str);
data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest.c:71:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, str);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:55:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terms_dag[h].symbol,t->symbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:62:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terms_dag[h].symbol,t->symbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c:22:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newvl->symbol,newsymbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c:37:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newvl->symbol,newsymbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:25:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->symbol,symbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:34:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->symbol,symbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:45:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->symbol,symbol);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:143:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->symbol,symbol);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buff[100];
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:59:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_num = atol(char_buff);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buff[100];
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:120:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(argc[1], "r");
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:24:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cnf_file = fopen(argc[1], "r");
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/smt-prep.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buff[200];
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:11:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buff[200];
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buff[100];
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:59:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
read_num = atol(char_buff);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buff[100];
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:111:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cnf_file = fopen(argc[1], "r");
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r[(W-AC_MIN(AC_MIN(W-I,I),0)+31)/32*32+5] = {0};
data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:1995:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r[N*32+4] = {0};
data/acl2-8.3dfsg/books/projects/rac/src/main.c:13:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/acl2-8.3dfsg/books/projects/rac/src/main.c:19:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".i");
data/acl2-8.3dfsg/books/projects/rac/src/main.c:20:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen(buf, "r");
data/acl2-8.3dfsg/books/projects/rac/src/main.c:30:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".ast.lsp");
data/acl2-8.3dfsg/books/projects/rac/src/main.c:31:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(buf);
data/acl2-8.3dfsg/books/projects/rac/src/main.c:36:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".pc");
data/acl2-8.3dfsg/books/projects/rac/src/main.c:37:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open(buf);
data/acl2-8.3dfsg/books/projects/rac/src/output.c:951:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(name);
data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-file.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256], buffer[256];
data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-file.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[256];
data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-input.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/grovel/common.h:53:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:246:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *coreFile = fopen (S->coreStr, "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:307:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *lemmaFile = fopen (S->lemmaStr, "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:676:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *coreFile = fopen (S->coreStr, "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:680:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *lemmaFile = fopen (S->lemmaStr, "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:688:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *coreFile = fopen (S->coreStr, "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:692:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *lemmaFile = fopen (S->lemmaStr, "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1039:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ignore[1024];
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1285:50: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (argv[i][1] == 'a') S.activeFile = fopen (argv[++i], "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1287:50: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (argv[i][1] == 'L') S.lratFile = fopen (argv[++i], "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1288:50: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (argv[i][1] == 'r') S.traceFile = fopen (argv[++i], "w");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1289:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (argv[i][1] == 't') S.timeout = atoi (argv[++i]);
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1306:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
S.inputFile = fopen (argv[1], "r");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1311:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
S.proofFile = fopen (argv[2], "r");
data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1323:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
S.proofFile = fopen (argv[2], "r");
data/acl2-8.3dfsg/books/unicode/test-performance/timing.c:17:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(in = fopen(argv[1], "r"))) {
data/acl2-8.3dfsg/books/unicode/test-performance/timing.c:22:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(argv[2]) * 1024;
data/acl2-8.3dfsg/books/unicode/test-performance/timing.cpp:19:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in.open(argv[1]);
data/acl2-8.3dfsg/books/unicode/test-performance/timing.cpp:25:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(argv[2]) * 1024;
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:271:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int problem = atoi(argv[1]);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:272:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int number = atoi(argv[2]);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:273:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int inc = atoi(argv[3]);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:274:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rep = atoi(argv[4]);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.h:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[5];
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c:15:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Varlist *varlistadd(Varlist *vl, char newsymbol[5], int newdirection) {
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.h:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[5];
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[5];
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:24:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(symbol,"%d",i);
data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.h:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[5];
data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/bits.h:245:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned n = strlen(s);
data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/bits.h:510:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned n = strlen(s);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:35:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc(file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:123:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:130:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:31:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:36:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:40:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:47:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/smt-prep.c:41:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return getchar();
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:23:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:36:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:51:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:95:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:113:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:123:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:151:39: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (curr_char != EOF) curr_char = fgetc(cnf_file);
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:667:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (reset.read()) {
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:671:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fz.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:672:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dn.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:673:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rmode.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:674:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fma.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:675:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inz.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:676:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
piz.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:677:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
expOvfl.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:678:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mulExcps.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:679:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opa.read();
data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:680:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opb.read();
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:956:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (reset.read()) {
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:960:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fz.read();
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:961:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dn.read();
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:962:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rmode.read();
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:963:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fmt.read();
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:964:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opa.read();
data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:965:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opb.read();
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:831:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (reset.read()) {
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:835:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fused.read();
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:836:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fz.read();
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:837:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dn.read();
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:838:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rmode.read();
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:839:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opa.read();
data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:840:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opb.read();
data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:875:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (reset.read()) {
data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:879:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fz.read();
data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:880:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dn.read();
data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:881:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rmode.read();
data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:882:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fmt.read();
data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:883:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
opa.read();
data/acl2-8.3dfsg/books/projects/rac/examples/imul/imul.cpp:258:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x.read();
data/acl2-8.3dfsg/books/projects/rac/examples/imul/imul.cpp:259:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
y.read();
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:725:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return Base::equal(op2);
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:727:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return Base::equal(op2.template shiftl<F-F2>());
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:729:29: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return shiftl<F2-F>().equal(op2);
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:735:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return ! Base::equal(op2);
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:737:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return ! Base::equal(op2.template shiftl<F-F2>());
data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:739:31: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return ! shiftl<F2-F>().equal(op2);
data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:1439:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const iv<N2> &op2) const {
data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:2282:18: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return Base::equal(op2);
data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:2286:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return !Base::equal(op2);
data/acl2-8.3dfsg/books/projects/rac/src/output.c:115:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(s)+1];
data/acl2-8.3dfsg/books/projects/rac/src/output.c:129:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(s)+1];
data/acl2-8.3dfsg/books/projects/rac/src/output.c:315:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RACname = new char[strlen(m)+1];
data/acl2-8.3dfsg/books/projects/rac/src/output.c:1383:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *result = new char[strlen(str)+1];
data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libfsbv.c:164:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(string);
data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest.c:70:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = malloc(strlen(str) + 1);
data/acl2-8.3dfsg/books/unicode/test-performance/timing.c:25:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(in);
ANALYSIS SUMMARY:
Hits = 134
Lines analyzed = 20273 in approximately 1.89 seconds (10741 lines/second)
Physical Source Lines of Code (SLOC) = 14887
Hits@level = [0] 279 [1] 66 [2] 53 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 413 [1+] 134 [2+] 68 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 27.7423 [1+] 9.00114 [2+] 4.56774 [3+] 1.00759 [4+] 1.00759 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.