Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cglm-0.7.9/include/cglm/affine-mat.h
Examining data/cglm-0.7.9/include/cglm/affine.h
Examining data/cglm-0.7.9/include/cglm/affine2d.h
Examining data/cglm-0.7.9/include/cglm/applesimd.h
Examining data/cglm-0.7.9/include/cglm/bezier.h
Examining data/cglm-0.7.9/include/cglm/box.h
Examining data/cglm-0.7.9/include/cglm/call.h
Examining data/cglm-0.7.9/include/cglm/call/affine.h
Examining data/cglm-0.7.9/include/cglm/call/affine2d.h
Examining data/cglm-0.7.9/include/cglm/call/bezier.h
Examining data/cglm-0.7.9/include/cglm/call/box.h
Examining data/cglm-0.7.9/include/cglm/call/cam.h
Examining data/cglm-0.7.9/include/cglm/call/curve.h
Examining data/cglm-0.7.9/include/cglm/call/ease.h
Examining data/cglm-0.7.9/include/cglm/call/euler.h
Examining data/cglm-0.7.9/include/cglm/call/frustum.h
Examining data/cglm-0.7.9/include/cglm/call/io.h
Examining data/cglm-0.7.9/include/cglm/call/mat2.h
Examining data/cglm-0.7.9/include/cglm/call/mat3.h
Examining data/cglm-0.7.9/include/cglm/call/mat4.h
Examining data/cglm-0.7.9/include/cglm/call/plane.h
Examining data/cglm-0.7.9/include/cglm/call/project.h
Examining data/cglm-0.7.9/include/cglm/call/quat.h
Examining data/cglm-0.7.9/include/cglm/call/ray.h
Examining data/cglm-0.7.9/include/cglm/call/sphere.h
Examining data/cglm-0.7.9/include/cglm/call/vec2.h
Examining data/cglm-0.7.9/include/cglm/call/vec3.h
Examining data/cglm-0.7.9/include/cglm/call/vec4.h
Examining data/cglm-0.7.9/include/cglm/cam.h
Examining data/cglm-0.7.9/include/cglm/cglm.h
Examining data/cglm-0.7.9/include/cglm/color.h
Examining data/cglm-0.7.9/include/cglm/common.h
Examining data/cglm-0.7.9/include/cglm/curve.h
Examining data/cglm-0.7.9/include/cglm/ease.h
Examining data/cglm-0.7.9/include/cglm/euler.h
Examining data/cglm-0.7.9/include/cglm/frustum.h
Examining data/cglm-0.7.9/include/cglm/io.h
Examining data/cglm-0.7.9/include/cglm/mat2.h
Examining data/cglm-0.7.9/include/cglm/mat3.h
Examining data/cglm-0.7.9/include/cglm/mat4.h
Examining data/cglm-0.7.9/include/cglm/plane.h
Examining data/cglm-0.7.9/include/cglm/project.h
Examining data/cglm-0.7.9/include/cglm/quat.h
Examining data/cglm-0.7.9/include/cglm/ray.h
Examining data/cglm-0.7.9/include/cglm/simd/arm.h
Examining data/cglm-0.7.9/include/cglm/simd/avx/affine.h
Examining data/cglm-0.7.9/include/cglm/simd/avx/mat4.h
Examining data/cglm-0.7.9/include/cglm/simd/intrin.h
Examining data/cglm-0.7.9/include/cglm/simd/neon/mat4.h
Examining data/cglm-0.7.9/include/cglm/simd/sse2/affine.h
Examining data/cglm-0.7.9/include/cglm/simd/sse2/mat2.h
Examining data/cglm-0.7.9/include/cglm/simd/sse2/mat3.h
Examining data/cglm-0.7.9/include/cglm/simd/sse2/mat4.h
Examining data/cglm-0.7.9/include/cglm/simd/sse2/quat.h
Examining data/cglm-0.7.9/include/cglm/simd/x86.h
Examining data/cglm-0.7.9/include/cglm/sphere.h
Examining data/cglm-0.7.9/include/cglm/struct.h
Examining data/cglm-0.7.9/include/cglm/struct/affine.h
Examining data/cglm-0.7.9/include/cglm/struct/affine2d.h
Examining data/cglm-0.7.9/include/cglm/struct/box.h
Examining data/cglm-0.7.9/include/cglm/struct/cam.h
Examining data/cglm-0.7.9/include/cglm/struct/color.h
Examining data/cglm-0.7.9/include/cglm/struct/curve.h
Examining data/cglm-0.7.9/include/cglm/struct/euler.h
Examining data/cglm-0.7.9/include/cglm/struct/frustum.h
Examining data/cglm-0.7.9/include/cglm/struct/io.h
Examining data/cglm-0.7.9/include/cglm/struct/mat2.h
Examining data/cglm-0.7.9/include/cglm/struct/mat3.h
Examining data/cglm-0.7.9/include/cglm/struct/mat4.h
Examining data/cglm-0.7.9/include/cglm/struct/plane.h
Examining data/cglm-0.7.9/include/cglm/struct/project.h
Examining data/cglm-0.7.9/include/cglm/struct/quat.h
Examining data/cglm-0.7.9/include/cglm/struct/sphere.h
Examining data/cglm-0.7.9/include/cglm/struct/vec2-ext.h
Examining data/cglm-0.7.9/include/cglm/struct/vec2.h
Examining data/cglm-0.7.9/include/cglm/struct/vec3-ext.h
Examining data/cglm-0.7.9/include/cglm/struct/vec3.h
Examining data/cglm-0.7.9/include/cglm/struct/vec4-ext.h
Examining data/cglm-0.7.9/include/cglm/struct/vec4.h
Examining data/cglm-0.7.9/include/cglm/types-struct.h
Examining data/cglm-0.7.9/include/cglm/types.h
Examining data/cglm-0.7.9/include/cglm/util.h
Examining data/cglm-0.7.9/include/cglm/vec2-ext.h
Examining data/cglm-0.7.9/include/cglm/vec2.h
Examining data/cglm-0.7.9/include/cglm/vec3-ext.h
Examining data/cglm-0.7.9/include/cglm/vec3.h
Examining data/cglm-0.7.9/include/cglm/vec4-ext.h
Examining data/cglm-0.7.9/include/cglm/vec4.h
Examining data/cglm-0.7.9/include/cglm/version.h
Examining data/cglm-0.7.9/src/affine.c
Examining data/cglm-0.7.9/src/affine2d.c
Examining data/cglm-0.7.9/src/bezier.c
Examining data/cglm-0.7.9/src/box.c
Examining data/cglm-0.7.9/src/cam.c
Examining data/cglm-0.7.9/src/config.h
Examining data/cglm-0.7.9/src/curve.c
Examining data/cglm-0.7.9/src/ease.c
Examining data/cglm-0.7.9/src/euler.c
Examining data/cglm-0.7.9/src/frustum.c
Examining data/cglm-0.7.9/src/io.c
Examining data/cglm-0.7.9/src/mat2.c
Examining data/cglm-0.7.9/src/mat3.c
Examining data/cglm-0.7.9/src/mat4.c
Examining data/cglm-0.7.9/src/plane.c
Examining data/cglm-0.7.9/src/project.c
Examining data/cglm-0.7.9/src/quat.c
Examining data/cglm-0.7.9/src/ray.c
Examining data/cglm-0.7.9/src/sphere.c
Examining data/cglm-0.7.9/src/swift/empty.c
Examining data/cglm-0.7.9/src/vec2.c
Examining data/cglm-0.7.9/src/vec3.c
Examining data/cglm-0.7.9/src/vec4.c
Examining data/cglm-0.7.9/test/include/common.h
Examining data/cglm-0.7.9/test/runner.c
Examining data/cglm-0.7.9/test/src/test_affine.h
Examining data/cglm-0.7.9/test/src/test_affine2d.h
Examining data/cglm-0.7.9/test/src/test_affine_mat.h
Examining data/cglm-0.7.9/test/src/test_bezier.c
Examining data/cglm-0.7.9/test/src/test_cam.c
Examining data/cglm-0.7.9/test/src/test_camera.h
Examining data/cglm-0.7.9/test/src/test_clamp.c
Examining data/cglm-0.7.9/test/src/test_common.c
Examining data/cglm-0.7.9/test/src/test_common.h
Examining data/cglm-0.7.9/test/src/test_euler.c
Examining data/cglm-0.7.9/test/src/test_mat2.h
Examining data/cglm-0.7.9/test/src/test_mat3.h
Examining data/cglm-0.7.9/test/src/test_mat4.h
Examining data/cglm-0.7.9/test/src/test_plane.h
Examining data/cglm-0.7.9/test/src/test_project.h
Examining data/cglm-0.7.9/test/src/test_quat.h
Examining data/cglm-0.7.9/test/src/test_ray.h
Examining data/cglm-0.7.9/test/src/test_struct.c
Examining data/cglm-0.7.9/test/src/test_vec2.h
Examining data/cglm-0.7.9/test/src/test_vec3.h
Examining data/cglm-0.7.9/test/src/test_vec4.h
Examining data/cglm-0.7.9/test/src/tests.c
Examining data/cglm-0.7.9/test/tests.h

FINAL RESULTS:

data/cglm-0.7.9/include/cglm/io.h:98:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostream, CGLM_PRINT_COLOR_RESET "\n");
data/cglm-0.7.9/include/cglm/io.h:141:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostream, CGLM_PRINT_COLOR_RESET "\n");
data/cglm-0.7.9/include/cglm/io.h:183:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostream, CGLM_PRINT_COLOR_RESET "\n");
data/cglm-0.7.9/include/cglm/io.h:320:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ostream, CGLM_PRINT_COLOR_RESET "\n");
data/cglm-0.7.9/test/include/common.h:111:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, \
data/cglm-0.7.9/test/include/common.h:132:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, \
data/cglm-0.7.9/test/runner.c:28:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, CYAN "\nWelcome to cglm tests\n\n" RESET);
data/cglm-0.7.9/test/runner.c:43:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/cglm-0.7.9/test/runner.c:56:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/cglm-0.7.9/test/runner.c:59:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/cglm-0.7.9/test/runner.c:68:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, GREEN " " OK_TEXT RESET " %-*s ", maxlen, entry->name);
data/cglm-0.7.9/test/runner.c:71:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, YELLOW "%.2fs", elapsed);
data/cglm-0.7.9/test/runner.c:75:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "\n" RESET);
data/cglm-0.7.9/test/runner.c:81:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/cglm-0.7.9/test/runner.c:85:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/cglm-0.7.9/test/include/common.h:145:10: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  # define drand48() ((float)(rand() / (RAND_MAX + 1.0)))
data/cglm-0.7.9/test/runner.c:30:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int)time(NULL));
data/cglm-0.7.9/test/src/test_affine_mat.h:45:18: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m1, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:45:36: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m1, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:45:47: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m1, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:45:58: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m1, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:46:18: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m2, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:46:36: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m2, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:46:47: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m2, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_affine_mat.h:46:58: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(m2, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:14:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[3][0] = drand48();
data/cglm-0.7.9/test/src/test_common.c:15:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[3][1] = drand48();
data/cglm-0.7.9/test/src/test_common.c:16:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[3][2] = drand48();
data/cglm-0.7.9/test/src/test_common.c:19:20: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(dest, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:19:38: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(dest, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:19:49: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(dest, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:19:60: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate(dest, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:30:23: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate_make(m4, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:30:41: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate_make(m4, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:30:52: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate_make(m4, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:30:63: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_rotate_make(m4, drand48(), (vec3){drand48(), drand48(), drand48()});
data/cglm-0.7.9/test/src/test_common.c:36:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[0][0] = drand48();
data/cglm-0.7.9/test/src/test_common.c:37:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[0][1] = drand48();
data/cglm-0.7.9/test/src/test_common.c:38:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[1][0] = drand48();
data/cglm-0.7.9/test/src/test_common.c:39:16: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[1][1] = drand48();
data/cglm-0.7.9/test/src/test_common.c:44:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[0] = drand48();
data/cglm-0.7.9/test/src/test_common.c:45:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[1] = drand48();
data/cglm-0.7.9/test/src/test_common.c:46:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[2] = drand48();
data/cglm-0.7.9/test/src/test_common.c:58:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[0] = drand48();
data/cglm-0.7.9/test/src/test_common.c:59:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[1] = drand48();
data/cglm-0.7.9/test/src/test_common.c:60:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[2] = drand48();
data/cglm-0.7.9/test/src/test_common.c:61:13: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  dest[3] = drand48();
data/cglm-0.7.9/test/src/test_common.c:73:10: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return drand48();
data/cglm-0.7.9/test/src/test_common.c:78:15: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_quat(q, drand48(), drand48(), drand48(), drand48());
data/cglm-0.7.9/test/src/test_common.c:78:26: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_quat(q, drand48(), drand48(), drand48(), drand48());
data/cglm-0.7.9/test/src/test_common.c:78:37: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_quat(q, drand48(), drand48(), drand48(), drand48());
data/cglm-0.7.9/test/src/test_common.c:78:48: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  glm_quat(q, drand48(), drand48(), drand48(), drand48());
data/cglm-0.7.9/include/cglm/io.h:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[16];
data/cglm-0.7.9/include/cglm/io.h:79:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cwi = sprintf(buff, "% .*f", CGLM_PRINT_PRECISION, matrix[i][j]);
data/cglm-0.7.9/include/cglm/io.h:81:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cwi = sprintf(buff, "% g", matrix[i][j]);
data/cglm-0.7.9/include/cglm/io.h:109:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[16];
data/cglm-0.7.9/include/cglm/io.h:122:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cwi = sprintf(buff, "% .*f", CGLM_PRINT_PRECISION, matrix[i][j]);
data/cglm-0.7.9/include/cglm/io.h:124:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cwi = sprintf(buff, "% g", matrix[i][j]);
data/cglm-0.7.9/include/cglm/io.h:151:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[16];
data/cglm-0.7.9/include/cglm/io.h:164:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cwi = sprintf(buff, "% .*f", CGLM_PRINT_PRECISION, matrix[i][j]);
data/cglm-0.7.9/include/cglm/io.h:166:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  cwi = sprintf(buff, "% g", matrix[i][j]);
data/cglm-0.7.9/test/runner.c:36:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int32_t)strlen(entry->name);

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 32448 in approximately 0.74 seconds (44026 lines/second)
Physical Source Lines of Code (SLOC) = 19307
Hits@level = [0] 41 [1] 1 [2] 9 [3] 37 [4] 15 [5] 0
Hits@level+ = [0+] 103 [1+] 62 [2+] 61 [3+] 52 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 5.33485 [1+] 3.21127 [2+] 3.15948 [3+] 2.69332 [4+] 0.77692 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.