Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/coinor-csdp-6.2.0/include/csdp/blockmat.h
Examining data/coinor-csdp-6.2.0/include/csdp/declarations.h
Examining data/coinor-csdp-6.2.0/include/csdp/index.h
Examining data/coinor-csdp-6.2.0/include/csdp/parameters.h
Examining data/coinor-csdp-6.2.0/doc/example.c
Examining data/coinor-csdp-6.2.0/theta/complement.c
Examining data/coinor-csdp-6.2.0/theta/graphtoprob.c
Examining data/coinor-csdp-6.2.0/theta/rand_graph.c
Examining data/coinor-csdp-6.2.0/theta/theta.c
Examining data/coinor-csdp-6.2.0/lib/qreig.c
Examining data/coinor-csdp-6.2.0/lib/Fnorm.c
Examining data/coinor-csdp-6.2.0/lib/add_mat.c
Examining data/coinor-csdp-6.2.0/lib/addscaledmat.c
Examining data/coinor-csdp-6.2.0/lib/allocmat.c
Examining data/coinor-csdp-6.2.0/lib/calc_dobj.c
Examining data/coinor-csdp-6.2.0/lib/calc_pobj.c
Examining data/coinor-csdp-6.2.0/lib/chol.c
Examining data/coinor-csdp-6.2.0/lib/copy_mat.c
Examining data/coinor-csdp-6.2.0/lib/easysdp.c
Examining data/coinor-csdp-6.2.0/lib/freeprob.c
Examining data/coinor-csdp-6.2.0/lib/initsoln.c
Examining data/coinor-csdp-6.2.0/lib/linesearch.c
Examining data/coinor-csdp-6.2.0/lib/make_i.c
Examining data/coinor-csdp-6.2.0/lib/makefill.c
Examining data/coinor-csdp-6.2.0/lib/mat_mult.c
Examining data/coinor-csdp-6.2.0/lib/mat_multsp.c
Examining data/coinor-csdp-6.2.0/lib/matvec.c
Examining data/coinor-csdp-6.2.0/lib/norms.c
Examining data/coinor-csdp-6.2.0/lib/op_a.c
Examining data/coinor-csdp-6.2.0/lib/op_at.c
Examining data/coinor-csdp-6.2.0/lib/op_o.c
Examining data/coinor-csdp-6.2.0/lib/packed.c
Examining data/coinor-csdp-6.2.0/lib/psd_feas.c
Examining data/coinor-csdp-6.2.0/lib/readprob.c
Examining data/coinor-csdp-6.2.0/lib/readsol.c
Examining data/coinor-csdp-6.2.0/lib/sdp.c
Examining data/coinor-csdp-6.2.0/lib/solvesys.c
Examining data/coinor-csdp-6.2.0/lib/sortentries.c
Examining data/coinor-csdp-6.2.0/lib/sym_mat.c
Examining data/coinor-csdp-6.2.0/lib/trace_prod.c
Examining data/coinor-csdp-6.2.0/lib/tweakgap.c
Examining data/coinor-csdp-6.2.0/lib/user_exit.c
Examining data/coinor-csdp-6.2.0/lib/writeprob.c
Examining data/coinor-csdp-6.2.0/lib/writesol.c
Examining data/coinor-csdp-6.2.0/lib/zero_mat.c
Examining data/coinor-csdp-6.2.0/lib/initparams.c
Examining data/coinor-csdp-6.2.0/solver/csdp.c
Examining data/coinor-csdp-6.2.0/example/example.c

FINAL RESULTS:

data/coinor-csdp-6.2.0/theta/rand_graph.c:62:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand((unsigned int)s);
data/coinor-csdp-6.2.0/lib/initparams.c:16:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char parametername[30];
data/coinor-csdp-6.2.0/lib/initparams.c:17:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char junk[2];
data/coinor-csdp-6.2.0/lib/initparams.c:45:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  paramfile=fopen("param.csdp","r");
data/coinor-csdp-6.2.0/lib/readprob.c:54:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/readprob.c:79:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/readprob.c:463:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/readsol.c:46:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/writeprob.c:26:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"w");
data/coinor-csdp-6.2.0/lib/writesol.c:27:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"w");
data/coinor-csdp-6.2.0/theta/complement.c:43:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fidin=fopen(*++argv,"r");
data/coinor-csdp-6.2.0/theta/complement.c:44:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fidout=fopen(*++argv,"w");
data/coinor-csdp-6.2.0/theta/graphtoprob.c:63:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(argv[1],"r");
data/coinor-csdp-6.2.0/theta/rand_graph.c:50:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fidout=fopen(*++argv,"w");
data/coinor-csdp-6.2.0/theta/rand_graph.c:51:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  n=atoi(*++argv);
data/coinor-csdp-6.2.0/theta/rand_graph.c:61:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s=atoi(*++argv);
data/coinor-csdp-6.2.0/theta/theta.c:65:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(*++argv,"r");
data/coinor-csdp-6.2.0/lib/readprob.c:92:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:96:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:476:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:480:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:767:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:769:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:788:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:793:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:830:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:836:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:841:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 11305 in approximately 0.31 seconds (36086 lines/second)
Physical Source Lines of Code (SLOC) = 7178
Hits@level = [0] 458 [1]  11 [2]  16 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+] 486 [1+]  28 [2+]  17 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 67.7069 [1+] 3.90081 [2+] 2.36835 [3+] 0.139315 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.