Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphBicoloring.h
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphBicoloringInterface.cpp
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphBicoloringInterface.h
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphCore.cpp
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphCore.h
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphInputOutput.h
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphOrdering.h
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphVertexCover.cpp
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphVertexCover.h
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphBicoloring.cpp
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphInputOutput.cpp
Examining data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphOrdering.cpp
Examining data/colpack-1.0.10/BipartiteGraphPartialColoring/BipartiteGraphPartialColoring.h
Examining data/colpack-1.0.10/BipartiteGraphPartialColoring/BipartiteGraphPartialColoringInterface.cpp
Examining data/colpack-1.0.10/BipartiteGraphPartialColoring/BipartiteGraphPartialColoringInterface.h
Examining data/colpack-1.0.10/BipartiteGraphPartialColoring/BipartiteGraphPartialOrdering.h
Examining data/colpack-1.0.10/BipartiteGraphPartialColoring/BipartiteGraphPartialColoring.cpp
Examining data/colpack-1.0.10/BipartiteGraphPartialColoring/BipartiteGraphPartialOrdering.cpp
Examining data/colpack-1.0.10/GraphColoring/GraphCore.cpp
Examining data/colpack-1.0.10/GraphColoring/GraphCore.h
Examining data/colpack-1.0.10/GraphColoring/GraphInputOutput.h
Examining data/colpack-1.0.10/GraphColoring/GraphOrdering.h
Examining data/colpack-1.0.10/GraphColoring/GraphColoring.cpp
Examining data/colpack-1.0.10/GraphColoring/GraphColoring.h
Examining data/colpack-1.0.10/GraphColoring/GraphColoringInterface.cpp
Examining data/colpack-1.0.10/GraphColoring/GraphColoringInterface.h
Examining data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp
Examining data/colpack-1.0.10/GraphColoring/GraphOrdering.cpp
Examining data/colpack-1.0.10/Main/ColPackHeaders.h
Examining data/colpack-1.0.10/Main/Definitions.h
Examining data/colpack-1.0.10/Main/Main.cpp
Examining data/colpack-1.0.10/Recovery/HessianRecovery.h
Examining data/colpack-1.0.10/Recovery/JacobianRecovery1D.h
Examining data/colpack-1.0.10/Recovery/JacobianRecovery2D.cpp
Examining data/colpack-1.0.10/Recovery/JacobianRecovery2D.h
Examining data/colpack-1.0.10/Recovery/RecoveryCore.cpp
Examining data/colpack-1.0.10/Recovery/RecoveryCore.h
Examining data/colpack-1.0.10/Recovery/HessianRecovery.cpp
Examining data/colpack-1.0.10/Recovery/JacobianRecovery1D.cpp
Examining data/colpack-1.0.10/SampleDrivers/Basic/Generate_seed_matrix_for_Hessian.cpp
Examining data/colpack-1.0.10/SampleDrivers/Basic/Generate_seed_matrix_for_Jacobian.cpp
Examining data/colpack-1.0.10/SampleDrivers/Basic/color_bipartite_graph_using_BipartiteGraphBicoloringInterface.cpp
Examining data/colpack-1.0.10/SampleDrivers/Basic/color_bipartite_graph_using_BipartiteGraphPartialColoringInterface.cpp
Examining data/colpack-1.0.10/SampleDrivers/Basic/color_graph_using_GraphColoringInterface.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADIC/01_Column_compression_and_recovery_for_Jacobian_return_ADIC_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/01_Column_compression_and_recovery_for_Jacobian_return_Row_Compressed_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/02_Column_compression_and_recovery_for_Jacobian_return_Coordinate_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/03_Column_compression_and_recovery_for_Jacobian_return_Sparse_Solvers_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/04_Row_compression_and_recovery_for_Jacobian_return_Row_Compressed_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/05_Compression_and_direct_recovery_for_Hessian_return_Row_Compressed_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/06_Compression_and_direct_recovery_for_Hessian_return_Coordinate_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/07_Compression_and_direct_recovery_for_Hessian_return_Sparse_Solvers_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/08_Compression_and_indirect_recovery_for_Hessian_return_Row_Compressed_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/09_Bidirectional_compression_and_recovery_for_Jacobian_return_Row_Compressed_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/10_Column_compression_and_recovery_for_Jacobian_return_Row_Compressed_Format__unmanaged_usermem.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/11_Compression_and_direct_recovery_for_Hessian_return_Row_Compressed_Format__unmanaged_usermem.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/ADOL-C/12_Bidirectional_compression_and_recovery_for_Jacobian_return_Row_Compressed_Format__unmanaged_usermem.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/CSR_input/01_Column_compression_and_recovery_for_Jacobian_CSR_input_return_Row_Compressed_Format.cpp
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/SMB/eval_fun_chem.c
Examining data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/SMB/sparse_jac_hess.cpp
Examining data/colpack-1.0.10/Utilities/CoutLock.cpp
Examining data/colpack-1.0.10/Utilities/CoutLock.h
Examining data/colpack-1.0.10/Utilities/DisjointSets.cpp
Examining data/colpack-1.0.10/Utilities/DisjointSets.h
Examining data/colpack-1.0.10/Utilities/File.cpp
Examining data/colpack-1.0.10/Utilities/File.h
Examining data/colpack-1.0.10/Utilities/MatrixDeallocation.cpp
Examining data/colpack-1.0.10/Utilities/MatrixDeallocation.h
Examining data/colpack-1.0.10/Utilities/Pause.cpp
Examining data/colpack-1.0.10/Utilities/Pause.h
Examining data/colpack-1.0.10/Utilities/StringTokenizer.cpp
Examining data/colpack-1.0.10/Utilities/StringTokenizer.h
Examining data/colpack-1.0.10/Utilities/Timer.cpp
Examining data/colpack-1.0.10/Utilities/Timer.h
Examining data/colpack-1.0.10/Utilities/command_line_parameter_processor.cpp
Examining data/colpack-1.0.10/Utilities/command_line_parameter_processor.h
Examining data/colpack-1.0.10/Utilities/current_time.cpp
Examining data/colpack-1.0.10/Utilities/current_time.h
Examining data/colpack-1.0.10/Utilities/extra.h
Examining data/colpack-1.0.10/Utilities/mmio.h
Examining data/colpack-1.0.10/Utilities/stat.h
Examining data/colpack-1.0.10/Utilities/extra.cpp
Examining data/colpack-1.0.10/Utilities/mmio.cpp
Examining data/colpack-1.0.10/Utilities/stat.cpp
Examining data/colpack-1.0.10/main_page.cpp
Examining data/colpack-1.0.10/Example_Use_Library/template.cpp
Examining data/colpack-1.0.10/Example_Try/Main.cpp

FINAL RESULTS:

data/colpack-1.0.10/Utilities/extra.cpp:227:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int i_ReturnValue = system(command.c_str());
data/colpack-1.0.10/Utilities/extra.h:263:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  int i_ReturnValue = system(command.c_str());
data/colpack-1.0.10/Utilities/mmio.cpp:116:9: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(line, "%s %s %s %s %s", banner, mtx, crd, data_type,
data/colpack-1.0.10/Utilities/mmio.cpp:456:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(s2, s);
data/colpack-1.0.10/Utilities/mmio.cpp:512:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,"%s %s %s %s", types[0], types[1], types[2], types[3]);
data/colpack-1.0.10/GraphColoring/GraphColoring.cpp:6086:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(seed);
data/colpack-1.0.10/Utilities/extra.cpp:909:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/colpack-1.0.10/Utilities/extra.cpp:956:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(0);
data/colpack-1.0.10/Utilities/extra.cpp:974:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(0);
data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphInputOutput.cpp:178:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(m_s_InputFile.c_str(), "r")) == NULL) {
data/colpack-1.0.10/BipartiteGraphBicoloring/BipartiteGraphInputOutput.cpp:208:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  InputStream.open(m_s_InputFile.c_str());
data/colpack-1.0.10/GraphColoring/GraphColoring.cpp:5554:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  OutputStream.open(s_OutputFile.c_str());
data/colpack-1.0.10/GraphColoring/GraphColoring.cpp:5812:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  OutputStream.open(s_OutputFile.c_str(), ios::app);
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:68:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return(atoi(FieldWidth.c_str()));
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:197:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(m_s_InputFile.c_str(), "r")) == NULL) {
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:576:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  InputStream.open(m_s_InputFile.c_str());
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:674:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  vi_VertexWeights.push_back(atoi(vs_InputTokens[i].c_str()));
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:687:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i_Vertex = STEP_DOWN(atoi(vs_InputTokens[i].c_str()));
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:705:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i_Vertex = STEP_DOWN(atoi(vs_InputTokens[i].c_str()));
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:820:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  InputStream.open(m_s_InputFile.c_str());
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:860:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i_VertexCount = atoi(vs_InputTokens[0].c_str());
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:868:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(vs_InputTokens[2].c_str()) == 1)
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:873:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(vs_InputTokens[2].c_str()) == 10)
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:878:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(vs_InputTokens[2].c_str()) == 11)
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:887:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i_VertexWeights = atoi(vs_InputTokens[3].c_str());
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:913:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  vi_VertexWeights.push_back(atoi(vs_InputTokens[i].c_str()));
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:925:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i_Vertex = STEP_DOWN(atoi(vs_InputTokens[i].c_str()));
data/colpack-1.0.10/GraphColoring/GraphInputOutput.cpp:937:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i_Vertex = STEP_DOWN(atoi(vs_InputTokens[i].c_str()));
data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/SMB/sparse_jac_hess.cpp:173:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp_JP = fopen("jac_full.mtx","w");
data/colpack-1.0.10/SampleDrivers/Matrix_Compression_and_Recovery/SMB/sparse_jac_hess.cpp:296:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp_JP = fopen("jac_recovered.mtx","w");
data/colpack-1.0.10/Utilities/extra.cpp:1064:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(m_s_InputFile.c_str(), "r")) == NULL) {
data/colpack-1.0.10/Utilities/mmio.cpp:27:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(fname, "r")) == NULL)
data/colpack-1.0.10/Utilities/mmio.cpp:102:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MM_MAX_LINE_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char banner[MM_MAX_TOKEN_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:104:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtx[MM_MAX_TOKEN_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:105:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char crd[MM_MAX_TOKEN_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_type[MM_MAX_TOKEN_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:107:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char storage_scheme[MM_MAX_TOKEN_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:195:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MM_MAX_LINE_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:226:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MM_MAX_LINE_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:345:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(fname, "r")) == NULL)
data/colpack-1.0.10/Utilities/mmio.cpp:412:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(fname, "w")) == NULL)
data/colpack-1.0.10/Utilities/mmio.cpp:461:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MM_MAX_LINE_LENGTH];
data/colpack-1.0.10/Utilities/mmio.cpp:462:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *types[4];
data/colpack-1.0.10/Utilities/mmio.h:16:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char MM_typecode[4];
data/colpack-1.0.10/Utilities/stat.cpp:48:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out1.open((baseDir+"NumberOfColors"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:49:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out2.open((baseDir+"Time"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:50:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out3.open((baseDir+"MaxBackDegree"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:51:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out4.open((baseDir+"Graph_Stat"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:58:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out1.open((baseDir+"NumberOfColors"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:59:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out2.open((baseDir+"Time"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:60:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out3.open((baseDir+"MaxBackDegree"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:61:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat_out4.open((baseDir+"Graph_Stat"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:203:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_NumberOfColors.open((baseDir+"NumberOfColors"+"-Coloring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:209:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Time.open((baseDir+"Time"+"-Coloring"+"-Coloring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:215:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_MaxBackDegree.open((baseDir+"MaxBackDegree"+"-Coloring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:221:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Graph_Stat.open((baseDir+"Graph_Stat"+"-Coloring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:228:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_NumberOfColors.open((baseDir+"NumberOfColors"+"-Coloring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:233:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Time.open((baseDir+"Time"+"-Coloring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:238:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_MaxBackDegree.open((baseDir+"MaxBackDegree"+"-Coloring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:243:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Graph_Stat.open((baseDir+"Graph_Stat"+"-Coloring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:383:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Graph_Stat.open((baseDir+"Graph_Stat"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:387:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Graph_Stat.open((baseDir+"Graph_Stat"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:431:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Graph_Stat.open((baseDir+"BiGraph_Stat"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:435:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Graph_Stat.open((baseDir+"BiGraph_Stat"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:496:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_NumberOfColors.open((baseDir+"NumberOfColors"+"-BiColoring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:502:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Time.open((baseDir+"Time"+"-BiColoring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:509:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_NumberOfColors.open((baseDir+"NumberOfColors"+"-BiColoring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:514:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Time.open((baseDir+"Time"+"-BiColoring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:610:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_NumberOfColors.open((baseDir+"NumberOfColors"+"-PD2Coloring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:616:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Time.open((baseDir+"Time"+"-PD2Coloring"+stat_output_suffix+".csv").c_str(),ios::app);
data/colpack-1.0.10/Utilities/stat.cpp:623:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_NumberOfColors.open((baseDir+"NumberOfColors"+"-PD2Coloring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/stat.cpp:628:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out_Time.open((baseDir+"Time"+"-PD2Coloring"+stat_output_suffix+".csv").c_str());
data/colpack-1.0.10/Utilities/Pause.cpp:29:3: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/colpack-1.0.10/Utilities/mmio.cpp:126:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(banner, MatrixMarketBanner, strlen(MatrixMarketBanner)) != 0)
data/colpack-1.0.10/Utilities/mmio.cpp:454:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(s);

ANALYSIS SUMMARY:

Hits = 76
Lines analyzed = 41514 in approximately 1.04 seconds (39785 lines/second)
Physical Source Lines of Code (SLOC) = 25392
Hits@level = [0] 185 [1] 3 [2] 64 [3] 4 [4] 5 [5] 0
Hits@level+ = [0+] 261 [1+] 76 [2+] 73 [3+] 9 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 10.2788 [1+] 2.99307 [2+] 2.87492 [3+] 0.354442 [4+] 0.196912 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.