stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/coinor-csdp-6.2.0/include/csdp/blockmat.h
Examining data/coinor-csdp-6.2.0/include/csdp/declarations.h
Examining data/coinor-csdp-6.2.0/include/csdp/index.h
Examining data/coinor-csdp-6.2.0/include/csdp/parameters.h
Examining data/coinor-csdp-6.2.0/doc/example.c
Examining data/coinor-csdp-6.2.0/theta/complement.c
Examining data/coinor-csdp-6.2.0/theta/graphtoprob.c
Examining data/coinor-csdp-6.2.0/theta/rand_graph.c
Examining data/coinor-csdp-6.2.0/theta/theta.c
Examining data/coinor-csdp-6.2.0/lib/qreig.c
Examining data/coinor-csdp-6.2.0/lib/Fnorm.c
Examining data/coinor-csdp-6.2.0/lib/add_mat.c
Examining data/coinor-csdp-6.2.0/lib/addscaledmat.c
Examining data/coinor-csdp-6.2.0/lib/allocmat.c
Examining data/coinor-csdp-6.2.0/lib/calc_dobj.c
Examining data/coinor-csdp-6.2.0/lib/calc_pobj.c
Examining data/coinor-csdp-6.2.0/lib/chol.c
Examining data/coinor-csdp-6.2.0/lib/copy_mat.c
Examining data/coinor-csdp-6.2.0/lib/easysdp.c
Examining data/coinor-csdp-6.2.0/lib/freeprob.c
Examining data/coinor-csdp-6.2.0/lib/initsoln.c
Examining data/coinor-csdp-6.2.0/lib/linesearch.c
Examining data/coinor-csdp-6.2.0/lib/make_i.c
Examining data/coinor-csdp-6.2.0/lib/makefill.c
Examining data/coinor-csdp-6.2.0/lib/mat_mult.c
Examining data/coinor-csdp-6.2.0/lib/mat_multsp.c
Examining data/coinor-csdp-6.2.0/lib/matvec.c
Examining data/coinor-csdp-6.2.0/lib/norms.c
Examining data/coinor-csdp-6.2.0/lib/op_a.c
Examining data/coinor-csdp-6.2.0/lib/op_at.c
Examining data/coinor-csdp-6.2.0/lib/op_o.c
Examining data/coinor-csdp-6.2.0/lib/packed.c
Examining data/coinor-csdp-6.2.0/lib/psd_feas.c
Examining data/coinor-csdp-6.2.0/lib/readprob.c
Examining data/coinor-csdp-6.2.0/lib/readsol.c
Examining data/coinor-csdp-6.2.0/lib/sdp.c
Examining data/coinor-csdp-6.2.0/lib/solvesys.c
Examining data/coinor-csdp-6.2.0/lib/sortentries.c
Examining data/coinor-csdp-6.2.0/lib/sym_mat.c
Examining data/coinor-csdp-6.2.0/lib/trace_prod.c
Examining data/coinor-csdp-6.2.0/lib/tweakgap.c
Examining data/coinor-csdp-6.2.0/lib/user_exit.c
Examining data/coinor-csdp-6.2.0/lib/writeprob.c
Examining data/coinor-csdp-6.2.0/lib/writesol.c
Examining data/coinor-csdp-6.2.0/lib/zero_mat.c
Examining data/coinor-csdp-6.2.0/lib/initparams.c
Examining data/coinor-csdp-6.2.0/solver/csdp.c
Examining data/coinor-csdp-6.2.0/example/example.c

FINAL RESULTS:

data/coinor-csdp-6.2.0/theta/rand_graph.c:62:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      srand((unsigned int)s);
data/coinor-csdp-6.2.0/lib/initparams.c:16:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char parametername[30];
data/coinor-csdp-6.2.0/lib/initparams.c:17:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char junk[2];
data/coinor-csdp-6.2.0/lib/initparams.c:45:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  paramfile=fopen("param.csdp","r");
data/coinor-csdp-6.2.0/lib/readprob.c:54:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/readprob.c:79:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/readprob.c:463:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/readsol.c:46:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"r");
data/coinor-csdp-6.2.0/lib/writeprob.c:26:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"w");
data/coinor-csdp-6.2.0/lib/writesol.c:27:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(fname,"w");
data/coinor-csdp-6.2.0/theta/complement.c:43:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fidin=fopen(*++argv,"r");
data/coinor-csdp-6.2.0/theta/complement.c:44:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fidout=fopen(*++argv,"w");
data/coinor-csdp-6.2.0/theta/graphtoprob.c:63:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(argv[1],"r");
data/coinor-csdp-6.2.0/theta/rand_graph.c:50:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fidout=fopen(*++argv,"w");
data/coinor-csdp-6.2.0/theta/rand_graph.c:51:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      n=atoi(*++argv);
data/coinor-csdp-6.2.0/theta/rand_graph.c:61:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      s=atoi(*++argv);
data/coinor-csdp-6.2.0/theta/theta.c:65:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fid=fopen(*++argv,"r");
data/coinor-csdp-6.2.0/lib/readprob.c:92:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:96:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:476:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:480:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:767:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:769:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:788:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:793:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:830:5:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:836:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  c=getc(fid);
data/coinor-csdp-6.2.0/lib/readprob.c:841:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      c=getc(fid);

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 11305 in approximately 0.31 seconds (36086 lines/second)
Physical Source Lines of Code (SLOC) = 7178
Hits@level = [0] 458 [1]  11 [2]  16 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+] 486 [1+]  28 [2+]  17 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 67.7069 [1+] 3.90081 [2+] 2.36835 [3+] 0.139315 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.