Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/smt-prep.c
Examining data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/check-rdrand-support.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/get_cpuid_v1_lix64.h
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/syscall-utils.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/machine/shared/rdrand.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/push.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/powOfTwo64.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/prefixSum.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/dataCopy/core.h
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/dataCopy/dataCopy.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/dataCopy/core.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/zeroCopy/readValues.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/zeroCopy/pageWalk1G.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/zeroCopy/modifyPagingEntry.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/micro-sat/micro-sat.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-input.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-file.c
Examining data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/nop-sequence/xchg.c
Examining data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp
Examining data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp
Examining data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp
Examining data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp
Examining data/acl2-8.3dfsg/books/projects/rac/examples/hello.cpp
Examining data/acl2-8.3dfsg/books/projects/rac/examples/imul/imul.cpp
Examining data/acl2-8.3dfsg/books/projects/rac/src/parser.h
Examining data/acl2-8.3dfsg/books/projects/rac/src/main.c
Examining data/acl2-8.3dfsg/books/projects/rac/src/output.c
Examining data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h
Examining data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h
Examining data/acl2-8.3dfsg/books/projects/rac/include/rac.h
Examining data/acl2-8.3dfsg/books/workshops/2020/hardin/sources/stk.cpp
Examining data/acl2-8.3dfsg/books/workshops/2020/hardin/sources/stk.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.h
Examining data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c
Examining data/acl2-8.3dfsg/books/workshops/2014/russinoff-oleary/support/imul.cpp
Examining data/acl2-8.3dfsg/books/workshops/2014/russinoff-oleary/support/rac.h
Examining data/acl2-8.3dfsg/books/unicode/test-performance/timing.c
Examining data/acl2-8.3dfsg/books/unicode/test-performance/timing.cpp
Examining data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/grovel/common.h
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest.c
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest2.c
Examining data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libfsbv.c
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/fourval.h
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/test_bits.cc
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/alu16.cc
Examining data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/bits.h

FINAL RESULTS:

data/acl2-8.3dfsg/books/projects/rac/src/main.c:18:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, argv[0]);

data/acl2-8.3dfsg/books/projects/rac/src/main.c:28:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, argv[0]);

data/acl2-8.3dfsg/books/projects/rac/src/output.c:116:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(name, s);

data/acl2-8.3dfsg/books/projects/rac/src/output.c:130:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(name, s);

data/acl2-8.3dfsg/books/projects/rac/src/output.c:316:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(RACname, m);

data/acl2-8.3dfsg/books/projects/rac/src/output.c:1384:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(result, str);

data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest.c:71:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(p, str);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:55:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(terms_dag[h].symbol,t->symbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:62:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(terms_dag[h].symbol,t->symbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c:22:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newvl->symbol,newsymbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c:37:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(newvl->symbol,newsymbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:25:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(t->symbol,symbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:34:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(t->symbol,symbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:45:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(t->symbol,symbol);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:143:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(t->symbol,symbol);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char char_buff[100];

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:59:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    read_num = atol(char_buff);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char char_buff[100];

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:120:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file = fopen(argc[1], "r");

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:24:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    cnf_file = fopen(argc[1], "r");

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/smt-prep.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char char_buff[200];

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:11:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char char_buff[200];

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char char_buff[100];

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:59:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    read_num = atol(char_buff);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char char_buff[100];

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:111:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    cnf_file = fopen(argc[1], "r");

data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char r[(W-AC_MIN(AC_MIN(W-I,I),0)+31)/32*32+5] = {0};

data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:1995:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char r[N*32+4] = {0};

data/acl2-8.3dfsg/books/projects/rac/src/main.c:13:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[80];

data/acl2-8.3dfsg/books/projects/rac/src/main.c:19:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, ".i");

data/acl2-8.3dfsg/books/projects/rac/src/main.c:20:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    yyin = fopen(buf, "r");

data/acl2-8.3dfsg/books/projects/rac/src/main.c:30:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, ".ast.lsp");

data/acl2-8.3dfsg/books/projects/rac/src/main.c:31:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fout.open(buf);

data/acl2-8.3dfsg/books/projects/rac/src/main.c:36:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, ".pc");

data/acl2-8.3dfsg/books/projects/rac/src/main.c:37:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fout.open(buf);

data/acl2-8.3dfsg/books/projects/rac/src/output.c:951:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    return atoi(name);

data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-file.c:156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char filename[256], buffer[256];

data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-file.c:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char output[256];

data/acl2-8.3dfsg/books/projects/x86isa/tools/execution/examples/wc/wc-input.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1];

data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/grovel/common.h:53:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[256];

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:246:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *coreFile = fopen (S->coreStr, "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:307:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *lemmaFile = fopen (S->lemmaStr, "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:676:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *coreFile = fopen (S->coreStr, "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:680:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *lemmaFile = fopen (S->lemmaStr, "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:688:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *coreFile = fopen (S->coreStr, "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:692:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *lemmaFile = fopen (S->lemmaStr, "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1039:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ignore[1024];

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1285:50:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    else if (argv[i][1] == 'a') S.activeFile = fopen (argv[++i], "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1287:50:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    else if (argv[i][1] == 'L') S.lratFile = fopen (argv[++i], "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1288:50:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    else if (argv[i][1] == 'r') S.traceFile = fopen (argv[++i], "w");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1289:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    else if (argv[i][1] == 't') S.timeout = atoi (argv[++i]);

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1306:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    S.inputFile = fopen (argv[1], "r");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1311:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    S.proofFile = fopen (argv[2], "r");

data/acl2-8.3dfsg/books/tools/drat-trim/drat-trim.c:1323:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    S.proofFile = fopen (argv[2], "r");

data/acl2-8.3dfsg/books/unicode/test-performance/timing.c:17:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!(in = fopen(argv[1], "r"))) {

data/acl2-8.3dfsg/books/unicode/test-performance/timing.c:22:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    size = atoi(argv[2]) * 1024;

data/acl2-8.3dfsg/books/unicode/test-performance/timing.cpp:19:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in.open(argv[1]);

data/acl2-8.3dfsg/books/unicode/test-performance/timing.cpp:25:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    size = atoi(argv[2]) * 1024;

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:271:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int problem = atoi(argv[1]);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:272:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int number = atoi(argv[2]);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:273:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int inc = atoi(argv[3]);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.c:274:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int rep = atoi(argv[4]);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/dags.h:17:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char symbol[5];

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.c:15:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    Varlist *varlistadd(Varlist *vl, char newsymbol[5], int newdirection) {

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/lists.h:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char symbol[5];

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char symbol[5];

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.c:24:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(symbol,"%d",i);

data/acl2-8.3dfsg/books/workshops/2004/ruiz-et-al/support/dag-quadratic-C/terms.h:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char symbol[5];

data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/bits.h:245:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned n = strlen(s);

data/acl2-8.3dfsg/books/centaur/esim/stv/stv2c/bits.h:510:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned n = strlen(s);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:35:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return fgetc(file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:123:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/minisat-output-formater.c:130:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:31:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:36:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:40:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/sat-input-formater.c:47:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/smt-prep.c:41:10:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    return getchar();

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:23:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:36:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:51:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:95:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:113:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:123:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/clause-processors/SULFA/c-files/zchaff-output-formater.c:151:39:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (curr_char != EOF) curr_char = fgetc(cnf_file);

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:667:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (reset.read()) {

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:671:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fz.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:672:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dn.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:673:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rmode.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:674:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fma.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:675:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    inz.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:676:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    piz.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:677:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    expOvfl.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:678:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    mulExcps.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:679:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    opa.read();

data/acl2-8.3dfsg/books/projects/arm/fadd/fadd64.cpp:680:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    opb.read();

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:956:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (reset.read()) {

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:960:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fz.read();

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:961:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    dn.read();

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:962:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rmode.read();

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:963:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fmt.read();

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:964:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    opa.read();

data/acl2-8.3dfsg/books/projects/arm/fdiv/fdiv64.cpp:965:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    opb.read();

data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:831:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (reset.read()) {

data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:835:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    fused.read();

data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:836:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
fz.read(); data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:837:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dn.read(); data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:838:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rmode.read(); data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:839:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). opa.read(); data/acl2-8.3dfsg/books/projects/arm/fmul/fmul64.cpp:840:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). opb.read(); data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:875:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (reset.read()) { data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:879:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fz.read(); data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:880:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dn.read(); data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:881:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rmode.read(); data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:882:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fmt.read(); data/acl2-8.3dfsg/books/projects/arm/fsqrt/fsqrt64.cpp:883:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). opa.read(); data/acl2-8.3dfsg/books/projects/rac/examples/imul/imul.cpp:258:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
x.read(); data/acl2-8.3dfsg/books/projects/rac/examples/imul/imul.cpp:259:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). y.read(); data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:725:20: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return Base::equal(op2); data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:727:20: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return Base::equal(op2.template shiftl<F-F2>()); data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:729:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return shiftl<F2-F>().equal(op2); data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:735:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return ! 
Base::equal(op2); data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:737:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return ! Base::equal(op2.template shiftl<F-F2>()); data/acl2-8.3dfsg/books/projects/rac/include/ac_fixed.h:739:31: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return ! shiftl<F2-F>().equal(op2); data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:1439:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal(const iv<N2> &op2) const { data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:2282:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return Base::equal(op2); data/acl2-8.3dfsg/books/projects/rac/include/ac_int.h:2286:19: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). 
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !Base::equal(op2); data/acl2-8.3dfsg/books/projects/rac/src/output.c:115:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = new char[strlen(s)+1]; data/acl2-8.3dfsg/books/projects/rac/src/output.c:129:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = new char[strlen(s)+1]; data/acl2-8.3dfsg/books/projects/rac/src/output.c:315:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RACname = new char[strlen(m)+1]; data/acl2-8.3dfsg/books/projects/rac/src/output.c:1383:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *result = new char[strlen(str)+1]; data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libfsbv.c:164:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(string); data/acl2-8.3dfsg/books/quicklisp/bundle/software/cffi_0.19.0/tests/libtest.c:70:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *p = malloc(strlen(str) + 1); data/acl2-8.3dfsg/books/unicode/test-performance/timing.c:25:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(in); ANALYSIS SUMMARY: Hits = 134 Lines analyzed = 20273 in approximately 1.89 seconds (10741 lines/second) Physical Source Lines of Code (SLOC) = 14887 Hits@level = [0] 279 [1] 66 [2] 53 [3] 0 [4] 15 [5] 0 Hits@level+ = [0+] 413 [1+] 134 [2+] 68 [3+] 15 [4+] 15 [5+] 0 Hits/KSLOC@level+ = [0+] 27.7423 [1+] 9.00114 [2+] 4.56774 [3+] 1.00759 [4+] 1.00759 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
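Triage note on the level-1 hits above, added by the editor and not part of the Flawfinder output. Flawfinder matches by function name only, so the `read` hits are method calls on signal-like objects (`fz.read()`, `reset.read()`), not the read(2) system call, and the `equal` hits are calls to the member function `bool equal(const iv<N2> &op2) const` that ac_int.h:1439 itself defines, not std::equal; both groups can be closed on inspection. The two patterns that do deserve a look are fgetc()/getchar() feeding a fixed buffer in a loop (CWE-120) in the SULFA formatters and timing.c, and strlen() on a buffer that might not be NUL-terminated (CWE-126), which matters when the source is a fixed-width field like the `char symbol[5]` shown above. The C program below is an added example, not code from the ACL2 books, showing a bounded form of each pattern; the function names, the token grammar and the sample input are this example's own assumptions.

```c
/* Added example, not part of the ACL2 sources or of this Flawfinder report.
 * It shows the two hit classes above beside a bounded form of each:
 *  - fgetc()/getchar() in a loop that fills a fixed buffer (CWE-120), and
 *  - strlen() on a fixed-width field that need not be NUL-terminated (CWE-126).
 * Function names and the sample input are this example's own. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

static int is_space(int c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

/* Reads one whitespace-delimited token from f into buf (capacity cap).
 * Stores at most cap-1 bytes and always NUL-terminates; the remainder of
 * an over-long token is consumed and discarded so the stream stays at a
 * token boundary. Returns the token's full length (so a result >= cap
 * means the copy was truncated), or -1 if EOF comes before any token. */
int read_token(FILE *f, char *buf, size_t cap)
{
    int c;
    size_t stored = 0, total = 0;

    if (cap == 0)
        return -1;
    do {
        c = fgetc(f);
    } while (is_space(c));
    if (c == EOF) {
        buf[0] = '\0';
        return -1;
    }
    while (c != EOF && !is_space(c)) {
        if (stored < cap - 1)          /* the bound check the report asks for */
            buf[stored++] = (char)c;
        total++;
        c = fgetc(f);
    }
    buf[stored] = '\0';
    return (int)total;
}

/* Length of a fixed-width field such as the report's `char symbol[5]`:
 * a field filled to its width ("ABCDE") carries no terminator, so strlen()
 * would read past it. This stops at the field width instead (the same
 * contract as POSIX strnlen, written out so it needs no feature macro). */
size_t field_len(const char *field, size_t width)
{
    size_t n = 0;
    while (n < width && field[n] != '\0')
        n++;
    return n;
}

/* Wraps constructed text in a seekable stream so the reader can be driven
 * without a file on disk. Returns NULL if no temporary file is available. */
FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

int main(void)
{
    /* Constructed input in the DIMACS-like shape the formatters consume;
     * the second line holds a token longer than the 4-byte buffer. */
    FILE *f = stream_from("p cnf 3 2\nverylongtoken 0\n");
    char buf[4];
    int len;

    if (f == NULL)
        return 1;
    while ((len = read_token(f, buf, sizeof buf)) != -1)
        printf("token \"%s\" length %d%s\n", buf, len,
               len >= (int)sizeof buf ? " (truncated)" : "");
    fclose(f);

    char symbol[5] = {'A', 'B', 'C', 'D', 'E'};   /* no NUL anywhere */
    printf("field_len = %zu\n", field_len(symbol, sizeof symbol));
    return 0;
}
```

Returning the full token length rather than the stored length is deliberate: the caller can distinguish "fits" from "truncated" with one comparison against the buffer size, which is the decision the CWE-120 hits leave implicit when the loop simply stops copying.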