Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cminpack-1.3.6/chkder.c
Examining data/cminpack-1.3.6/chkder_.c
Examining data/cminpack-1.3.6/cminpack.h
Examining data/cminpack-1.3.6/cminpackP.h
Examining data/cminpack-1.3.6/covar.c
Examining data/cminpack-1.3.6/covar1.c
Examining data/cminpack-1.3.6/covar_.c
Examining data/cminpack-1.3.6/dogleg.c
Examining data/cminpack-1.3.6/dogleg_.c
Examining data/cminpack-1.3.6/dpmpar.c
Examining data/cminpack-1.3.6/dpmpar_.c
Examining data/cminpack-1.3.6/enorm.c
Examining data/cminpack-1.3.6/enorm_.c
Examining data/cminpack-1.3.6/examples/chkdrv.c
Examining data/cminpack-1.3.6/examples/chkdrv_.c
Examining data/cminpack-1.3.6/examples/cmpfiles.c
Examining data/cminpack-1.3.6/examples/errjac.c
Examining data/cminpack-1.3.6/examples/genf77tests.c
Examining data/cminpack-1.3.6/examples/hyjdrv.c
Examining data/cminpack-1.3.6/examples/hyjdrv_.c
Examining data/cminpack-1.3.6/examples/ibmdpdr.c
Examining data/cminpack-1.3.6/examples/ibmdpdr_.c
Examining data/cminpack-1.3.6/examples/machar.c
Examining data/cminpack-1.3.6/examples/neqipt.c
Examining data/cminpack-1.3.6/examples/ssq.h
Examining data/cminpack-1.3.6/examples/ssqfcn.c
Examining data/cminpack-1.3.6/examples/ssqipt.c
Examining data/cminpack-1.3.6/examples/ssqjac.c
Examining data/cminpack-1.3.6/examples/tchkder_.c
Examining data/cminpack-1.3.6/examples/tchkderc.c
Examining data/cminpack-1.3.6/examples/tchkderc_box.c
Examining data/cminpack-1.3.6/examples/tenorm_.c
Examining data/cminpack-1.3.6/examples/tenormc.c
Examining data/cminpack-1.3.6/examples/tfdjac2_.c
Examining data/cminpack-1.3.6/examples/tfdjac2c.c
Examining data/cminpack-1.3.6/examples/thybrd1_.c
Examining data/cminpack-1.3.6/examples/thybrd1c.c
Examining data/cminpack-1.3.6/examples/thybrd_.c
Examining data/cminpack-1.3.6/examples/thybrdc.c
Examining data/cminpack-1.3.6/examples/thybrj1_.c
Examining data/cminpack-1.3.6/examples/thybrj1c.c
Examining data/cminpack-1.3.6/examples/thybrj_.c
Examining data/cminpack-1.3.6/examples/thybrjc.c
Examining data/cminpack-1.3.6/examples/thybrjc_box.c
Examining data/cminpack-1.3.6/examples/tlmder1_.c
Examining data/cminpack-1.3.6/examples/tlmder1c.c
Examining data/cminpack-1.3.6/examples/tlmder_.c
Examining data/cminpack-1.3.6/examples/tlmderc.c
Examining data/cminpack-1.3.6/examples/tlmderc_box.c
Examining data/cminpack-1.3.6/examples/tlmdif1_.c
Examining data/cminpack-1.3.6/examples/tlmdif1c.c
Examining data/cminpack-1.3.6/examples/tlmdif_.c
Examining data/cminpack-1.3.6/examples/tlmdifc.c
Examining data/cminpack-1.3.6/examples/tlmstr1_.c
Examining data/cminpack-1.3.6/examples/tlmstr1c.c
Examining data/cminpack-1.3.6/examples/tlmstr_.c
Examining data/cminpack-1.3.6/examples/tlmstrc.c
Examining data/cminpack-1.3.6/examples/vec.h
Examining data/cminpack-1.3.6/examples/vecfcn.c
Examining data/cminpack-1.3.6/examples/vecjac.c
Examining data/cminpack-1.3.6/examples/hybdrv.c
Examining data/cminpack-1.3.6/examples/hybdrv_.c
Examining data/cminpack-1.3.6/examples/lmddrv.c
Examining data/cminpack-1.3.6/examples/lmddrv_.c
Examining data/cminpack-1.3.6/examples/lmfdrv.c
Examining data/cminpack-1.3.6/examples/lmfdrv_.c
Examining data/cminpack-1.3.6/examples/lmsdrv.c
Examining data/cminpack-1.3.6/examples/lmsdrv_.c
Examining data/cminpack-1.3.6/fdjac1.c
Examining data/cminpack-1.3.6/fdjac1_.c
Examining data/cminpack-1.3.6/fdjac2.c
Examining data/cminpack-1.3.6/fdjac2_.c
Examining data/cminpack-1.3.6/hybrd.c
Examining data/cminpack-1.3.6/hybrd1.c
Examining data/cminpack-1.3.6/hybrd1_.c
Examining data/cminpack-1.3.6/hybrd_.c
Examining data/cminpack-1.3.6/hybrj.c
Examining data/cminpack-1.3.6/hybrj1.c
Examining data/cminpack-1.3.6/hybrj1_.c
Examining data/cminpack-1.3.6/hybrj_.c
Examining data/cminpack-1.3.6/lmder.c
Examining data/cminpack-1.3.6/lmder1.c
Examining data/cminpack-1.3.6/lmder1_.c
Examining data/cminpack-1.3.6/lmder_.c
Examining data/cminpack-1.3.6/lmdif.c
Examining data/cminpack-1.3.6/lmdif1.c
Examining data/cminpack-1.3.6/lmdif1_.c
Examining data/cminpack-1.3.6/lmdif_.c
Examining data/cminpack-1.3.6/lmpar.c
Examining data/cminpack-1.3.6/lmpar_.c
Examining data/cminpack-1.3.6/lmstr.c
Examining data/cminpack-1.3.6/lmstr1.c
Examining data/cminpack-1.3.6/lmstr1_.c
Examining data/cminpack-1.3.6/lmstr_.c
Examining data/cminpack-1.3.6/minpack.h
Examining data/cminpack-1.3.6/minpackP.h
Examining data/cminpack-1.3.6/qform.c
Examining data/cminpack-1.3.6/qform_.c
Examining data/cminpack-1.3.6/qrfac.c
Examining data/cminpack-1.3.6/qrfac_.c
Examining data/cminpack-1.3.6/qrsolv.c
Examining data/cminpack-1.3.6/qrsolv_.c
Examining data/cminpack-1.3.6/r1mpyq.c
Examining data/cminpack-1.3.6/r1mpyq_.c
Examining data/cminpack-1.3.6/r1updt.c
Examining data/cminpack-1.3.6/r1updt_.c
Examining data/cminpack-1.3.6/rwupdt.c
Examining data/cminpack-1.3.6/rwupdt_.c
FINAL RESULTS:
data/cminpack-1.3.6/examples/cmpfiles.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[1024], buf2[1024];
data/cminpack-1.3.6/examples/cmpfiles.c:22:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp1 = fopen(argv[1],"r");
data/cminpack-1.3.6/examples/cmpfiles.c:27:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2 = fopen(argv[2], "r");
data/cminpack-1.3.6/examples/genf77tests.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/cminpack-1.3.6/examples/genf77tests.c:34:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_doc = fopen(argv[1], "r");
data/cminpack-1.3.6/examples/genf77tests.c:64:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_src = fopen(name, "w");
data/cminpack-1.3.6/examples/tlmderc.c:109:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fjac1, fjac, sizeof(fjac));
data/cminpack-1.3.6/examples/tlmdifc.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fjac1, fjac, sizeof(fjac));
data/cminpack-1.3.6/examples/tlmstrc.c:75:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fjac1, fjac, sizeof(fjac));
data/cminpack-1.3.6/examples/genf77tests.c:50:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = pos + strlen(head);
ANALYSIS SUMMARY:
Hits = 10
Lines analyzed = 22588 in approximately 0.84 seconds (26961 lines/second)
Physical Source Lines of Code (SLOC) = 11631
Hits@level = [0] 378 [1] 1 [2] 9 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 388 [1+] 10 [2+] 9 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 33.3591 [1+] 0.859771 [2+] 0.773794 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.