Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/clasp-3.3.5/app/clasp_app.cpp
Examining data/clasp-3.3.5/app/clasp_app.h
Examining data/clasp-3.3.5/app/main.cpp
Examining data/clasp-3.3.5/clasp/asp_preprocessor.h
Examining data/clasp-3.3.5/clasp/cb_enumerator.h
Examining data/clasp-3.3.5/clasp/clasp_facade.h
Examining data/clasp-3.3.5/clasp/claspfwd.h
Examining data/clasp-3.3.5/clasp/clause.h
Examining data/clasp-3.3.5/clasp/cli/clasp_options.h
Examining data/clasp-3.3.5/clasp/cli/clasp_output.h
Examining data/clasp-3.3.5/clasp/clingo.h
Examining data/clasp-3.3.5/clasp/constraint.h
Examining data/clasp-3.3.5/clasp/dependency_graph.h
Examining data/clasp-3.3.5/clasp/enumerator.h
Examining data/clasp-3.3.5/clasp/heuristics.h
Examining data/clasp-3.3.5/clasp/literal.h
Examining data/clasp-3.3.5/clasp/logic_program.h
Examining data/clasp-3.3.5/clasp/logic_program_types.h
Examining data/clasp-3.3.5/clasp/lookahead.h
Examining data/clasp-3.3.5/clasp/minimize_constraint.h
Examining data/clasp-3.3.5/clasp/model_enumerators.h
Examining data/clasp-3.3.5/clasp/mt/mutex.h
Examining data/clasp-3.3.5/clasp/mt/parallel_solve.h
Examining data/clasp-3.3.5/clasp/mt/thread.h
Examining data/clasp-3.3.5/clasp/parser.h
Examining data/clasp-3.3.5/clasp/pod_vector.h
Examining data/clasp-3.3.5/clasp/program_builder.h
Examining data/clasp-3.3.5/clasp/satelite.h
Examining data/clasp-3.3.5/clasp/shared_context.h
Examining data/clasp-3.3.5/clasp/solve_algorithms.h
Examining data/clasp-3.3.5/clasp/solver.h
Examining data/clasp-3.3.5/clasp/solver_strategies.h
Examining data/clasp-3.3.5/clasp/solver_types.h
Examining data/clasp-3.3.5/clasp/statistics.h
Examining data/clasp-3.3.5/clasp/unfounded_check.h
Examining data/clasp-3.3.5/clasp/util/hash.h
Examining data/clasp-3.3.5/clasp/util/indexed_priority_queue.h
Examining data/clasp-3.3.5/clasp/util/left_right_sequence.h
Examining data/clasp-3.3.5/clasp/util/misc_types.h
Examining data/clasp-3.3.5/clasp/util/multi_queue.h
Examining data/clasp-3.3.5/clasp/util/pod_vector.h
Examining data/clasp-3.3.5/clasp/util/timer.h
Examining data/clasp-3.3.5/clasp/util/type_manip.h
Examining data/clasp-3.3.5/clasp/weight_constraint.h
Examining data/clasp-3.3.5/examples/example.h
Examining data/clasp-3.3.5/examples/example1.cpp
Examining data/clasp-3.3.5/examples/example2.cpp
Examining data/clasp-3.3.5/examples/example3.cpp
Examining data/clasp-3.3.5/examples/example4.cpp
Examining data/clasp-3.3.5/examples/main.cpp
Examining data/clasp-3.3.5/libpotassco/app/lpconvert.cpp
Examining data/clasp-3.3.5/libpotassco/potassco/application.h
Examining data/clasp-3.3.5/libpotassco/potassco/aspif.h
Examining data/clasp-3.3.5/libpotassco/potassco/aspif_text.h
Examining data/clasp-3.3.5/libpotassco/potassco/basic_types.h
Examining data/clasp-3.3.5/libpotassco/potassco/clingo.h
Examining data/clasp-3.3.5/libpotassco/potassco/convert.h
Examining data/clasp-3.3.5/libpotassco/potassco/match_basic_types.h
Examining data/clasp-3.3.5/libpotassco/potassco/platform.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/detail/notifier.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/detail/refcountable.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/detail/value_store.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/errors.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/mapped_value.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/program_options.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/typed_value.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/value.h
Examining data/clasp-3.3.5/libpotassco/potassco/program_opts/value_store.h
Examining data/clasp-3.3.5/libpotassco/potassco/rule_utils.h
Examining data/clasp-3.3.5/libpotassco/potassco/smodels.h
Examining data/clasp-3.3.5/libpotassco/potassco/string_convert.h
Examining data/clasp-3.3.5/libpotassco/potassco/theory_data.h
Examining data/clasp-3.3.5/libpotassco/src/application.cpp
Examining data/clasp-3.3.5/libpotassco/src/aspif.cpp
Examining data/clasp-3.3.5/libpotassco/src/aspif_text.cpp
Examining data/clasp-3.3.5/libpotassco/src/clingo.cpp
Examining data/clasp-3.3.5/libpotassco/src/convert.cpp
Examining data/clasp-3.3.5/libpotassco/src/match_basic_types.cpp
Examining data/clasp-3.3.5/libpotassco/src/program_options.cpp
Examining data/clasp-3.3.5/libpotassco/src/rule_utils.cpp
Examining data/clasp-3.3.5/libpotassco/src/smodels.cpp
Examining data/clasp-3.3.5/libpotassco/src/string_convert.cpp
Examining data/clasp-3.3.5/libpotassco/src/theory_data.cpp
Examining data/clasp-3.3.5/libpotassco/src/value_store.cpp
Examining data/clasp-3.3.5/libpotassco/tests/catch.hpp
Examining data/clasp-3.3.5/libpotassco/tests/main.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_application.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_common.h
Examining data/clasp-3.3.5/libpotassco/tests/test_options.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_smodels.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_text.cpp
Examining data/clasp-3.3.5/libpotassco/tests/test_value.cpp
Examining data/clasp-3.3.5/src/asp_preprocessor.cpp
Examining data/clasp-3.3.5/src/cb_enumerator.cpp
Examining data/clasp-3.3.5/src/clasp_facade.cpp
Examining data/clasp-3.3.5/src/clasp_options.cpp
Examining data/clasp-3.3.5/src/clasp_output.cpp
Examining data/clasp-3.3.5/src/clause.cpp
Examining data/clasp-3.3.5/src/clingo.cpp
Examining data/clasp-3.3.5/src/constraint.cpp
Examining data/clasp-3.3.5/src/dependency_graph.cpp
Examining data/clasp-3.3.5/src/enumerator.cpp
Examining data/clasp-3.3.5/src/heuristics.cpp
Examining data/clasp-3.3.5/src/logic_program.cpp
Examining data/clasp-3.3.5/src/logic_program_types.cpp
Examining data/clasp-3.3.5/src/lookahead.cpp
Examining data/clasp-3.3.5/src/minimize_constraint.cpp
Examining data/clasp-3.3.5/src/model_enumerators.cpp
Examining data/clasp-3.3.5/src/parallel_solve.cpp
Examining data/clasp-3.3.5/src/parser.cpp
Examining data/clasp-3.3.5/src/program_builder.cpp
Examining data/clasp-3.3.5/src/satelite.cpp
Examining data/clasp-3.3.5/src/shared_context.cpp
Examining data/clasp-3.3.5/src/solve_algorithms.cpp
Examining data/clasp-3.3.5/src/solver.cpp
Examining data/clasp-3.3.5/src/solver_strategies.cpp
Examining data/clasp-3.3.5/src/solver_types.cpp
Examining data/clasp-3.3.5/src/statistics.cpp
Examining data/clasp-3.3.5/src/timer.cpp
Examining data/clasp-3.3.5/src/unfounded_check.cpp
Examining data/clasp-3.3.5/src/weight_constraint.cpp
Examining data/clasp-3.3.5/tests/catch.hpp
Examining data/clasp-3.3.5/tests/clause_creator_test.cpp
Examining data/clasp-3.3.5/tests/clause_test.cpp
Examining data/clasp-3.3.5/tests/cli_test.cpp
Examining data/clasp-3.3.5/tests/decision_heuristic_test.cpp
Examining data/clasp-3.3.5/tests/dependency_graph_test.cpp
Examining data/clasp-3.3.5/tests/dlp_builder_test.cpp
Examining data/clasp-3.3.5/tests/enumerator_test.cpp
Examining data/clasp-3.3.5/tests/facade_test.cpp
Examining data/clasp-3.3.5/tests/literal_test.cpp
Examining data/clasp-3.3.5/tests/lpcompare.h
Examining data/clasp-3.3.5/tests/minimize_test.cpp
Examining data/clasp-3.3.5/tests/parser_test.cpp
Examining data/clasp-3.3.5/tests/program_builder_test.cpp
Examining data/clasp-3.3.5/tests/rule_test.cpp
Examining data/clasp-3.3.5/tests/satelite_test.cpp
Examining data/clasp-3.3.5/tests/solver_test.cpp
Examining data/clasp-3.3.5/tests/test_main.cpp
Examining data/clasp-3.3.5/tests/unfounded_check_test.cpp
Examining data/clasp-3.3.5/tests/weight_constraint_test.cpp
FINAL RESULTS:
data/clasp-3.3.5/clasp/shared_context.h:94:107: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void dispatch(const Event& ev) { if (ev.verb <= verbosity(static_cast<Event::Subsystem>(ev.system))) { onEvent(ev); } }
data/clasp-3.3.5/clasp/util/misc_types.h:417:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
explicit Event(Subsystem sys, uint32 evId, Verbosity verbosity) : system(sys), verb(verbosity), op(0), id(evId) {}
data/clasp-3.3.5/clasp/util/misc_types.h:418:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
uint32 system : 2; //!< One of Event::Subsystem - subsystem that produced the event.
data/clasp-3.3.5/libpotassco/potassco/string_convert.h:308:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char* s, size_t n, const char* format, va_list arg);
data/clasp-3.3.5/libpotassco/src/program_options.cpp:60:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
size_t n = sprintf(buffer, " --%s%s", np, o.name().c_str());
data/clasp-3.3.5/libpotassco/src/program_options.cpp:62:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(buffer+n, "[=%s%s]", arg, ap);
data/clasp-3.3.5/libpotassco/src/program_options.cpp:68:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(buffer+n, "%c%s%s", (!o.alias()?'=':' '), arg, ap);
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:70:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char* s, size_t n, const char* format, va_list arg) {
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:71:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return std::vsnprintf(s, n, format, arg);
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:74:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char* s, size_t n, const char* format, va_list arg) {
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:78:28: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (n == 0 || (res = std::vsnprintf(s, n, format, arg)) < 0 || size_t(res) >= n) {
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:406:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = vsnprintf(buf.pos(), buf.free(), fmt, args);
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:416:38: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
x = static_cast<size_t>(Potassco::vsnprintf(buf.pos(), buf.free() + 1, fmt, args));
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:458:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(pos, sz, fmt, args);
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:198:23: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int r = Potassco::vsnprintf(s, n, fmt, args);
data/clasp-3.3.5/src/clasp_output.cpp:550:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%s%-*s\"%s\": %" PRIu64, open_, indent(), " ", k, v);
data/clasp-3.3.5/src/clasp_output.cpp:623:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%s%" PRId64, sep, *it);
data/clasp-3.3.5/src/clasp_output.cpp:687:38: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printKeyValue(k, fmt, value) printf("%s%-*s: " fmt, format[cat_comment], width_, (k), (value))
data/clasp-3.3.5/src/clasp_output.cpp:775:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, args);
data/clasp-3.3.5/src/clasp_output.cpp:866:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
setState(ev.system, ev.verb, log->msg);
data/clasp-3.3.5/src/clasp_output.cpp:940:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (s.first){ accu += printf(format[cat_atom_name], s.first); }
data/clasp-3.3.5/src/clasp_output.cpp:941:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else { accu += printf(format[cat_atom_var] + !s.second.sign(), static_cast<int>(s.second.var())); }
data/clasp-3.3.5/src/clasp_output.cpp:1008:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%" PRId64, upper[i]);
data/clasp-3.3.5/src/clasp_output.cpp:1019:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%" PRId64, costs[0]);
data/clasp-3.3.5/src/clasp_output.cpp:1022:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("%" PRId64, costs[i]);
data/clasp-3.3.5/src/statistics.cpp:241:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return *strings_.insert(it, std::strcpy(new char[std::strlen(s) + 1], s));
data/clasp-3.3.5/src/timer.cpp:48:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} user, system;
data/clasp-3.3.5/src/timer.cpp:49:79: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GetProcessTimes(GetCurrentProcess(), &ignoreStart, &ignoreExit, &user.time, &system.time);
data/clasp-3.3.5/src/timer.cpp:50:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return (user.asUint + system.asUint) / double(TICKS_PER_SEC);
data/clasp-3.3.5/src/timer.cpp:58:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} user, system;
data/clasp-3.3.5/src/timer.cpp:59:77: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GetThreadTimes(GetCurrentThread(), &ignoreStart, &ignoreExit, &user.time, &system.time);
data/clasp-3.3.5/src/timer.cpp:60:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return (user.asUint + system.asUint) / double(TICKS_PER_SEC);
data/clasp-3.3.5/clasp/util/misc_types.h:106:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void srand(uint32 seed) { seed_ = seed; }
data/clasp-3.3.5/libpotassco/tests/catch.hpp:8543:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:234:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(0);
data/clasp-3.3.5/src/heuristics.cpp:141:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rng_.srand(s.rng.seed());
data/clasp-3.3.5/src/solver.cpp:229:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rng.srand(params.seed);
data/clasp-3.3.5/src/solver.cpp:233:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rng.srand(x.seed());
data/clasp-3.3.5/tests/catch.hpp:8653:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/clasp-3.3.5/app/clasp_app.cpp:395:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(claspAppOpts_.input[0].c_str());
data/clasp-3.3.5/app/clasp_app.cpp:453:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!isStdIn(fn)) { file_.open(fn.c_str()); }
data/clasp-3.3.5/app/clasp_app.cpp:534:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
: str_(isStdOut(to) ? stdout : fopen(to.c_str(), "w"))
data/clasp-3.3.5/app/clasp_app.cpp:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/clasp-3.3.5/app/clasp_app.cpp:640:55: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
WriteCnf::WriteCnf(const std::string& outFile) : str_(fopen(outFile.c_str(), "w")) {
data/clasp-3.3.5/clasp/cli/clasp_output.h:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifs_[2]; // field separator
data/clasp-3.3.5/clasp/minimize_constraint.h:523:82: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint32 allocCore(WeightConstraint* con, weight_t bound, weight_t weight, bool open);
data/clasp-3.3.5/clasp/mt/parallel_solve.h:339:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[64 - (sizeof(uint64)*2)];
data/clasp-3.3.5/clasp/satelite.h:69:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void doExtendModel(ValueVec& m, LitVec& open);
data/clasp-3.3.5/clasp/shared_context.h:185:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void extendModel(ValueVec& m, LitVec& open);
data/clasp-3.3.5/clasp/shared_context.h:197:51: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void doExtendModel(ValueVec& m, LitVec& open) = 0;
data/clasp-3.3.5/clasp/solver_types.h:479:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem[32 - sizeof(Chunk*)];
data/clasp-3.3.5/clasp/solver_types.h:484:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[32-sizeof(Block*)];
data/clasp-3.3.5/clasp/util/left_right_sequence.h:183:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(temp, begin(), left_size()*sizeof(L));
data/clasp-3.3.5/clasp/util/left_right_sequence.h:186:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(temp+(new_cap-r), right(), right_size() * sizeof(R));
data/clasp-3.3.5/clasp/util/left_right_sequence.h:285:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(e, this->begin(), this->left_size() * sizeof(left_type));
data/clasp-3.3.5/clasp/util/left_right_sequence.h:286:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(e+r, this->right(), this->right_size()* sizeof(right_type));
data/clasp-3.3.5/clasp/util/left_right_sequence.h:333:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(this->begin(), other.begin(), other.left_size()*sizeof(left_type));
data/clasp-3.3.5/clasp/util/left_right_sequence.h:334:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(this->right(), const_cast<left_right_sequence&>(other).right(), other.right_size()*sizeof(right_type));
data/clasp-3.3.5/clasp/util/multi_queue.h:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad_[64 - sizeof(Node*)];
data/clasp-3.3.5/clasp/util/pod_vector.h:96:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out, first_, n*sizeof(T));
data/clasp-3.3.5/clasp/util/pod_vector.h:184:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(ebo_.buf, other.begin(), other.size()*sizeof(T));
data/clasp-3.3.5/clasp/util/pod_vector.h:354:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(temp, ebo_.buf, size()*sizeof(T));
data/clasp-3.3.5/clasp/util/pod_vector.h:454:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(temp, ebo_.buf, size()*sizeof(T));
data/clasp-3.3.5/clasp/util/pod_vector.h:502:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(temp, begin(), prefix*sizeof(T));
data/clasp-3.3.5/clasp/util/pod_vector.h:506:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(temp+prefix+n, pos, (end()-pos)*sizeof(T));
data/clasp-3.3.5/clasp/weight_constraint.h:54:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open() const { return bound > 0 && bound <= reach;}
data/clasp-3.3.5/libpotassco/app/lpconvert.cpp:90:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
iFile.open(input_.c_str());
data/clasp-3.3.5/libpotassco/app/lpconvert.cpp:95:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
oFile.open(output_.c_str());
data/clasp-3.3.5/libpotassco/potassco/string_convert.h:387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbo_[64];
data/clasp-3.3.5/libpotassco/src/match_basic_types.cpp:103:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, buf_ + rpos_, bLen);
data/clasp-3.3.5/libpotassco/src/program_options.cpp:65:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(buffer+n, ",-%c", o.alias());
data/clasp-3.3.5/libpotassco/src/program_options.cpp:70:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (n < maxW) n += sprintf(buffer+n, "%-*.*s", int(maxW-n), int(maxW-n), " ");
data/clasp-3.3.5/libpotassco/src/program_options.cpp:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sName[2] = {'-', opt->alias()};
data/clasp-3.3.5/libpotassco/src/program_options.cpp:632:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optn[2];
data/clasp-3.3.5/libpotassco/src/rule_utils.cpp:85:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(mem_.begin(), other.mem_.begin(), other.rule_()->top);
data/clasp-3.3.5/libpotassco/src/rule_utils.cpp:170:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(bound_(), &bound, sizeof(Weight_t));
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:380:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf.pos(), str, n = std::min(n, buf.free()));
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:401:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char small[64];
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[22];
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/clasp-3.3.5/libpotassco/src/theory_data.cpp:48:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(f->args, begin(args), f->size * sizeof(Id_t));
data/clasp-3.3.5/libpotassco/src/theory_data.cpp:105:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(term_, Potassco::begin(terms), nTerms_ * sizeof(Id_t));
data/clasp-3.3.5/libpotassco/src/theory_data.cpp:131:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(term_, Potassco::begin(args), nTerms_ * sizeof(Id_t));
data/clasp-3.3.5/libpotassco/tests/catch.hpp:1581:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct TrueType { char sizer[1]; };
data/clasp-3.3.5/libpotassco/tests/catch.hpp:1582:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct FalseType { char sizer[2]; };
data/clasp-3.3.5/libpotassco/tests/catch.hpp:3137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/clasp-3.3.5/libpotassco/tests/catch.hpp:6086:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/clasp-3.3.5/libpotassco/tests/catch.hpp:6180:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/clasp-3.3.5/libpotassco/tests/catch.hpp:6226:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/clasp-3.3.5/libpotassco/tests/catch.hpp:6415:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char altStackMem[SIGSTKSZ];
data/clasp-3.3.5/libpotassco/tests/catch.hpp:7482:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/clasp-3.3.5/libpotassco/tests/catch.hpp:7519:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/clasp-3.3.5/libpotassco/tests/catch.hpp:8739:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/clasp-3.3.5/libpotassco/tests/catch.hpp:9377:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxDoubleSize];
data/clasp-3.3.5/libpotassco/tests/catch.hpp:9384:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.3f", duration);
data/clasp-3.3.5/libpotassco/tests/catch.hpp:9610:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/clasp-3.3.5/libpotassco/tests/catch.hpp:10204:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5], buf2[6];
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/clasp-3.3.5/libpotassco/tests/test_string_convert.cpp:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/clasp-3.3.5/src/cb_enumerator.cpp:96:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(Literal p) const { return (value_[p.var()] & Model::estMask(p)) != 0; }
data/clasp-3.3.5/src/cb_enumerator.cpp:151:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!state_->open(*it)) { continue; }
data/clasp-3.3.5/src/cb_enumerator.cpp:167:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!state_->open(*it)) { continue; }
data/clasp-3.3.5/src/cb_enumerator.cpp:179:71: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
for (; i != end && s.value(open_[i].var()) == value_free && state_->open(open_[i]); ++i) { ; }
data/clasp-3.3.5/src/cb_enumerator.cpp:193:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!hasQuery() && state_->open(query_)) {
data/clasp-3.3.5/src/cb_enumerator.cpp:214:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool newQ = query_.flagged() || !state_->open(query_);
data/clasp-3.3.5/src/clasp_options.cpp:896:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buffer, temp.c_str(), n * sizeof(char));
data/clasp-3.3.5/src/clasp_output.cpp:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE];
data/clasp-3.3.5/src/clasp_output.cpp:889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/clasp-3.3.5/src/clasp_output.cpp:897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuffer[30];
data/clasp-3.3.5/src/clause.cpp:68:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lits_, a_lits, size*sizeof(Literal));
data/clasp-3.3.5/src/clause.cpp:404:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head_, rep.lits, rep.size*sizeof(Literal));
data/clasp-3.3.5/src/clause.cpp:419:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head_, rep.lits, std::min(rep.size, (uint32)ClauseHead::HEAD_LITS)*sizeof(Literal));
data/clasp-3.3.5/src/clause.cpp:430:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (!isSmall()) { std::memcpy(head_, other.head_, oSize*sizeof(Literal)); }
data/clasp-3.3.5/src/clause.cpp:431:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else if (other.isSmall()) { std::memcpy(&local_, &other.local_, (ClauseHead::MAX_SHORT_LEN+1)*sizeof(Literal)); }
data/clasp-3.3.5/src/clause.cpp:433:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head_, other.head_, ClauseHead::HEAD_LITS*sizeof(Literal));
data/clasp-3.3.5/src/clause.cpp:434:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&local_, other.head_+ClauseHead::HEAD_LITS, 2*sizeof(Literal));
data/clasp-3.3.5/src/clause.cpp:745:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head_, w, std::min((uint32)ClauseHead::HEAD_LITS, shared_lits->size())*sizeof(Literal));
data/clasp-3.3.5/src/clause.cpp:894:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lits_ + 1, c1.lits, c1.size * sizeof(Literal));
data/clasp-3.3.5/src/minimize_constraint.cpp:283:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lhs, rhs, size_*sizeof(wsum_t));
data/clasp-3.3.5/src/minimize_constraint.cpp:1434:95: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint32 UncoreMinimize::allocCore(WeightConstraint* con, weight_t bound, weight_t weight, bool open) {
data/clasp-3.3.5/src/minimize_constraint.cpp:1435:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open) {
data/clasp-3.3.5/src/program_builder.cpp:167:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (rep.open()) {
data/clasp-3.3.5/src/shared_context.cpp:491:56: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void SatPreprocessor::extendModel(ValueVec& m, LitVec& open) {
data/clasp-3.3.5/src/shared_context.cpp:492:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open.empty()) {
data/clasp-3.3.5/src/shared_context.cpp:494:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open.back() = ~open.back();
data/clasp-3.3.5/src/shared_context.cpp:494:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open.back() = ~open.back();
data/clasp-3.3.5/src/shared_context.cpp:496:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
doExtendModel(m, open);
data/clasp-3.3.5/src/shared_context.cpp:498:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while (!open.empty() && open.back().sign()) {
data/clasp-3.3.5/src/shared_context.cpp:498:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while (!open.empty() && open.back().sign()) {
data/clasp-3.3.5/src/shared_context.cpp:499:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open.pop_back();
data/clasp-3.3.5/src/shared_context.cpp:508:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lits_, lits, size*sizeof(Literal));
data/clasp-3.3.5/src/shared_context.cpp:547:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(mem + sizeof(RefCount), str, len);
data/clasp-3.3.5/src/solver.cpp:45:59: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
State decodeState(uint32 epoch) const { return epoch <= open ? state_open : static_cast<State>(epoch - open); }
data/clasp-3.3.5/src/solver.cpp:45:106: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
State decodeState(uint32 epoch) const { return epoch <= open ? state_open : static_cast<State>(epoch - open); }
data/clasp-3.3.5/src/solver.cpp:49:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint32 open;
data/clasp-3.3.5/src/solver.cpp:1316:91: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
for (LitVec::const_iterator it = conflict_.begin(), end = conflict_.end(); it != end && open; ++it) {
data/clasp-3.3.5/src/solver.cpp:1322:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rhs = open ? 0 : otfsRemove(rhs, &cc);
data/clasp-3.3.5/src/statistics.cpp:343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[1024]; const char* top, *parent = path;
data/clasp-3.3.5/src/statistics.cpp:349:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
top = (const char*)std::memcpy(temp, top, len);
data/clasp-3.3.5/src/weight_constraint.cpp:152:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(x->lits, this->lits, litSize);
data/clasp-3.3.5/src/weight_constraint.cpp:214:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(rep.open() || (rep.sat() && addSat));
data/clasp-3.3.5/src/weight_constraint.cpp:324:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(undo_, other.undo_, sizeof(UndoInfo)*(size()+isWeight()));
data/clasp-3.3.5/tests/catch.hpp:1594:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct TrueType { char sizer[1]; };
data/clasp-3.3.5/tests/catch.hpp:1595:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct FalseType { char sizer[2]; };
data/clasp-3.3.5/tests/catch.hpp:3185:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/clasp-3.3.5/tests/catch.hpp:6161:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/clasp-3.3.5/tests/catch.hpp:6255:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/clasp-3.3.5/tests/catch.hpp:6301:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/clasp-3.3.5/tests/catch.hpp:6490:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char altStackMem[SIGSTKSZ];
data/clasp-3.3.5/tests/catch.hpp:7084:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **utf8Argv = new char *[ argc ];
data/clasp-3.3.5/tests/catch.hpp:7584:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/clasp-3.3.5/tests/catch.hpp:7621:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/clasp-3.3.5/tests/catch.hpp:8856:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/clasp-3.3.5/tests/catch.hpp:9491:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxDoubleSize];
data/clasp-3.3.5/tests/catch.hpp:9498:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.3f", duration);
data/clasp-3.3.5/tests/catch.hpp:9724:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/clasp-3.3.5/tests/catch.hpp:10304:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/clasp-3.3.5/app/clasp_app.cpp:354:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (std::size_t size = std::strlen(opts), n = maxW - minW; n < size;) {
data/clasp-3.3.5/app/clasp_app.cpp:504:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (clasp.read()) {
data/clasp-3.3.5/clasp/clasp_facade.h:331:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read();
data/clasp-3.3.5/clasp/util/pod_vector.h:531:11: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
&& std::equal(lhs.begin(), lhs.end(), rhs.begin());
data/clasp-3.3.5/libpotassco/potassco/string_convert.h:240:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t xLen = std::strlen(x);
data/clasp-3.3.5/libpotassco/src/application.cpp:284:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Default command-line:\n%s %s\n", getName(), root.defaults(strlen(getName())+1).c_str());
data/clasp-3.3.5/libpotassco/src/convert.cpp:311:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_.output(toSpan(it->name, std::strlen(it->name)), toSpan(&x, 1));
data/clasp-3.3.5/libpotassco/src/match_basic_types.cpp:89:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
str_.read(buf_ + rpos_, n);
data/clasp-3.3.5/libpotassco/src/match_basic_types.cpp:99:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t wLen = std::strlen(w);
data/clasp-3.3.5/libpotassco/src/match_basic_types.cpp:198:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t len = std::strlen(word);
data/clasp-3.3.5/libpotassco/src/program_options.cpp:56:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else { ap = "|no"; bufSize += strlen(ap); }
data/clasp-3.3.5/libpotassco/src/program_options.cpp:75:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t minS = strlen(desc);
data/clasp-3.3.5/libpotassco/src/program_options.cpp:93:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (temp) { buf.insert(buf.end(), temp, temp + strlen(temp)); }
data/clasp-3.3.5/libpotassco/src/program_options.cpp:207:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t argN = strlen(argName());
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:42:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t xLen = std::strlen(x);
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:236:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (errPos) { *errPos = x + strlen(x); }
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:372:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return str && *str ? append(str, std::strlen(str)) : *this;
data/clasp-3.3.5/libpotassco/src/string_convert.cpp:398:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t x = p ? static_cast<std::size_t>(p - fmt) : std::strlen(fmt);
data/clasp-3.3.5/libpotassco/src/theory_data.cpp:215:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return addTerm(termId, Potassco::toSpan(name, name ? std::strlen(name) : 0));
data/clasp-3.3.5/libpotassco/src/theory_data.cpp:360:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return Potassco::toSpan(x, std::strlen(x));
data/clasp-3.3.5/libpotassco/tests/catch.hpp:8467:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/clasp-3.3.5/libpotassco/tests/catch.hpp:8473:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:134:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(begin(lits), end(lits), rb.lits_begin()));
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:143:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(begin(sum), end(sum), rb.wlits_begin()));
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:154:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(begin(sum), end(sum), rb.wlits_begin()));
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:164:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(rb.lits_begin(), rb.lits_end(), begin(lits)));
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:173:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(begin(lits), end(lits), rb.lits_begin()));
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:289:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(begin(exp), end(exp), observer.externals.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:327:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(std::begin(exp), std::end(exp), observer.heuristics.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:480:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(a, a+3, observer.assumes.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:489:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(a, a+3, observer.projects.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:500:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(std::begin(exp), std::end(exp), observer.edges.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_aspif.cpp:514:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(std::begin(exp), std::end(exp), observer.heuristics.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_smodels.cpp:540:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return Potassco::toSpan(str, std::strlen(str));
data/clasp-3.3.5/libpotassco/tests/test_smodels.cpp:603:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(std::begin(exp), std::end(exp), observer.heuristics.begin()) == true);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:34:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(AspifTextInput& in, std::stringstream& str) {
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:43:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:48:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:53:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:58:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:64:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:70:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:76:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:82:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:87:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:92:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:98:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:104:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:109:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:114:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:119:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:127:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:135:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE_THROWS(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:139:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:144:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:151:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:159:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:168:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:180:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
try { read(prg, input); REQUIRE(false); }
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:194:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
REQUIRE(read(prg, input));
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:199:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:204:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:209:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:214:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:219:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:224:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:229:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:234:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:239:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:244:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:249:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:254:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:259:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:265:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:270:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:277:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:283:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:288:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:294:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:301:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:306:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:311:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/libpotassco/tests/test_text.cpp:324:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(prg, input);
data/clasp-3.3.5/src/clasp_facade.cpp:932:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool ClaspFacade::read() {
data/clasp-3.3.5/src/clasp_options.cpp:584:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t len = std::strlen(key.name);
data/clasp-3.3.5/src/clasp_options.cpp:685:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* ConfigIter::base() const { return base_ + std::strlen(base_) + 2; }
data/clasp-3.3.5/src/clasp_options.cpp:686:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* ConfigIter::args() const { const char* x = base(); return x + std::strlen(x) + 2; }
data/clasp-3.3.5/src/clasp_options.cpp:690:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_+= std::strlen(base_) + 1;
data/clasp-3.3.5/src/clasp_options.cpp:802:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t wLen = std::strlen(what);
data/clasp-3.3.5/src/clasp_output.cpp:749:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t len = std::strlen(catAtom);
data/clasp-3.3.5/src/clasp_output.cpp:765:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width_ = 13+(int)strlen(format[cat_comment]);
data/clasp-3.3.5/src/clasp_output.cpp:796:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (std::strlen(res)) { printLN(cat_result, "%s", res); }
data/clasp-3.3.5/src/logic_program.cpp:477:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out.output(Potassco::toSpan(it->second.c_str(), std::strlen(it->second.c_str())), Potassco::toSpan(lits));
data/clasp-3.3.5/src/minimize_constraint.cpp:144:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
assert(lev <= w->level && std::equal(lhs, lhs+lev, rhs));
data/clasp-3.3.5/src/shared_context.cpp:574:139: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ConstString::ConstString(const char* str, Ownership_t::Type o) : ref_(str && *str && o == Ownership_t::Acquire ? StrRef::create(str, std::strlen(str)) : StrRef::lit(str)) {}
data/clasp-3.3.5/src/statistics.cpp:241:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return *strings_.insert(it, std::strcpy(new char[std::strlen(s) + 1], s));
data/clasp-3.3.5/tests/catch.hpp:8577:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/clasp-3.3.5/tests/catch.hpp:8583:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/clasp-3.3.5/tests/minimize_test.cpp:250:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE(std::equal(d1->adjust(), d1->adjust() + d1->numRules(), d2->adjust()));
data/clasp-3.3.5/tests/program_builder_test.cpp:1103:36: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
REQUIRE((ext.size() == 2 && std::equal(ext.begin(), ext.end(), cond)));
data/clasp-3.3.5/tests/rule_test.cpp:33:38: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return lhs.size == rhs.size && std::equal(begin(lhs), end(lhs), begin(rhs));
data/clasp-3.3.5/tests/rule_test.cpp:36:74: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return lhs.bound == rhs.bound && lhs.lits.size == rhs.lits.size && std::equal(begin(lhs.lits), end(lhs.lits), begin(rhs.lits));
data/clasp-3.3.5/tests/rule_test.cpp:39:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return lhs.ht == rhs.ht && lhs.head.size == rhs.head.size && std::equal(begin(lhs.head), end(lhs.head), rhs.head.first)
ANALYSIS SUMMARY:
Hits = 263
Lines analyzed = 88547 in approximately 2.35 seconds (37706 lines/second)
Physical Source Lines of Code (SLOC) = 69919
Hits@level = [0] 124 [1] 103 [2] 121 [3] 7 [4] 32 [5] 0
Hits@level+ = [0+] 387 [1+] 263 [2+] 160 [3+] 39 [4+] 32 [5+] 0
Hits/KSLOC@level+ = [0+] 5.53498 [1+] 3.7615 [2+] 2.28836 [3+] 0.557788 [4+] 0.457672 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.