Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dsdp-5.8/src/solver/dsdpsetup.c
Examining data/dsdp-5.8/src/solver/dsdpcg.c
Examining data/dsdp-5.8/src/solver/dsdpcg.h
Examining data/dsdp-5.8/src/solver/dsdpcone.c
Examining data/dsdp-5.8/src/solver/dsdpcone.h
Examining data/dsdp-5.8/src/solver/dsdpcone_impl.h
Examining data/dsdp-5.8/src/solver/dsdpconverge.c
Examining data/dsdp-5.8/src/solver/dsdpcops.c
Examining data/dsdp-5.8/src/solver/dsdp.h
Examining data/dsdp-5.8/src/solver/dsdpobjcone.c
Examining data/dsdp-5.8/src/solver/dsdprescone.c
Examining data/dsdp-5.8/src/solver/dsdpschurmat.c
Examining data/dsdp-5.8/src/solver/dsdpschurmat.h
Examining data/dsdp-5.8/src/solver/dsdpschurmat_impl.h
Examining data/dsdp-5.8/src/solver/dsdpsetdata.c
Examining data/dsdp-5.8/src/solver/dsdpvec.h
Examining data/dsdp-5.8/src/solver/dualalg.c
Examining data/dsdp-5.8/src/solver/dualimpl.c
Examining data/dsdp-5.8/src/solver/dsdpconverge.h
Examining data/dsdp-5.8/src/solver/dsdpprintout.c
Examining data/dsdp-5.8/src/solver/dsdpsetoptions.c
Examining data/dsdp-5.8/src/solver/dsdpx.c
Examining data/dsdp-5.8/src/solver/dsdpschurmatadd.c
Examining data/dsdp-5.8/src/vecmat/cholmat2.c
Examining data/dsdp-5.8/src/vecmat/cholmat.c
Examining data/dsdp-5.8/src/vecmat/diag.c
Examining data/dsdp-5.8/src/vecmat/dlpack.c
Examining data/dsdp-5.8/src/vecmat/identity.c
Examining data/dsdp-5.8/src/vecmat/numchol.h
Examining data/dsdp-5.8/src/vecmat/onemat.c
Examining data/dsdp-5.8/src/vecmat/sdpalloc.c
Examining data/dsdp-5.8/src/vecmat/sdpdvct.c
Examining data/dsdp-5.8/src/vecmat/sdpexit.c
Examining data/dsdp-5.8/src/vecmat/sdpfun.h
Examining data/dsdp-5.8/src/vecmat/sdpmatx.c
Examining data/dsdp-5.8/src/vecmat/sdpnfac.c
Examining data/dsdp-5.8/src/vecmat/sdporder.c
Examining data/dsdp-5.8/src/vecmat/sdpsymb.c
Examining data/dsdp-5.8/src/vecmat/sdpvec.c
Examining data/dsdp-5.8/src/vecmat/sdpxlist.c
Examining data/dsdp-5.8/src/vecmat/spds.c
Examining data/dsdp-5.8/src/vecmat/vech.c
Examining data/dsdp-5.8/src/vecmat/zeromat.c
Examining data/dsdp-5.8/src/vecmat/dufull.c
Examining data/dsdp-5.8/src/vecmat/rmmat.c
Examining data/dsdp-5.8/src/vecmat/vechu.c
Examining data/dsdp-5.8/src/vecmat/drowcol.c
Examining data/dsdp-5.8/src/vecmat/dtrsm2.c
Examining data/dsdp-5.8/src/bounds/allbounds.c
Examining data/dsdp-5.8/src/bounds/dbounds.c
Examining data/dsdp-5.8/src/sys/dsdperror.c
Examining data/dsdp-5.8/src/sys/dsdplog.c
Examining data/dsdp-5.8/src/sys/dsdploginfo.c
Examining data/dsdp-5.8/src/sys/dsdptime.c
Examining data/dsdp-5.8/src/sdp/dsdpadddata.c
Examining data/dsdp-5.8/src/sdp/dsdpadddatamat.c
Examining data/dsdp-5.8/src/sdp/dsdpblock.c
Examining data/dsdp-5.8/src/sdp/dsdpdatamat.c
Examining data/dsdp-5.8/src/sdp/dsdpdatamat.h
Examining data/dsdp-5.8/src/sdp/dsdpdatamat_impl.h
Examining data/dsdp-5.8/src/sdp/dsdpdsmat.c
Examining data/dsdp-5.8/src/sdp/dsdpdsmat.h
Examining data/dsdp-5.8/src/sdp/dsdpdsmat_impl.h
Examining data/dsdp-5.8/src/sdp/dsdpdualmat.c
Examining data/dsdp-5.8/src/sdp/dsdpdualmat.h
Examining data/dsdp-5.8/src/sdp/dsdpdualmat_impl.h
Examining data/dsdp-5.8/src/sdp/dsdplanczos.h
Examining data/dsdp-5.8/src/sdp/dsdpsdp.h
Examining data/dsdp-5.8/src/sdp/dsdpxmat_impl.h
Examining data/dsdp-5.8/src/sdp/dsdpstep.c
Examining data/dsdp-5.8/src/sdp/dsdpxmat.h
Examining data/dsdp-5.8/src/sdp/printsdpa.c
Examining data/dsdp-5.8/src/sdp/sdpcone.c
Examining data/dsdp-5.8/src/sdp/sdpcompute.c
Examining data/dsdp-5.8/src/sdp/sdpconesetup.c
Examining data/dsdp-5.8/src/sdp/dsdpxmat.c
Examining data/dsdp-5.8/src/sdp/sdpsss.c
Examining data/dsdp-5.8/src/sdp/sdpkcone.c
Examining data/dsdp-5.8/src/sdp/sdpconevec.h
Examining data/dsdp-5.8/src/sdp/sdpconevec.c
Examining data/dsdp-5.8/src/lp/dsdplp.c
Examining data/dsdp-5.8/include/dsdp5.h
Examining data/dsdp-5.8/include/dsdpbasictypes.h
Examining data/dsdp-5.8/include/dsdpsys.h
Examining data/dsdp-5.8/include/dsdpmem.h
Examining data/dsdp-5.8/include/dsdplapack.h
Examining data/dsdp-5.8/examples/maxcut.c
Examining data/dsdp-5.8/examples/theta.c
Examining data/dsdp-5.8/examples/dsdp.c
Examining data/dsdp-5.8/examples/readsdpa.c
Examining data/dsdp-5.8/examples/stable.c
Examining data/dsdp-5.8/examples/color.c
Examining data/dsdp-5.8/pdsdp/PLAPPACK/pdsdpplapack.c
Examining data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c
Examining data/dsdp-5.8/pdsdp/PLAPPACK/pdsdp5plapack.h
Examining data/dsdp-5.8/pdsdp/PETSc/readsdpa.c
Examining data/dsdp-5.8/pdsdp/PETSc/pdsdppetsc.c
Examining data/dsdp-5.8/pdsdp/PETSc/pdsdp5petsc.h
Examining data/dsdp-5.8/pdsdp/ScaLAPACK/pdsdp5scalapack.h
Examining data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c
Examining data/dsdp-5.8/pdsdp/ScaLAPACK/maxcut.c
Examining data/dsdp-5.8/pdsdp/ScaLAPACK/pdsdpscalapack.c
FINAL RESULTS:
data/dsdp-5.8/examples/readsdpa.c:126:36: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fgets(thisline,100,fp1); if (sscanf(thisline,"%s",problemname)<1) break;
data/dsdp-5.8/include/dsdpsys.h:79:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DSDPPrintf printf
data/dsdp-5.8/include/dsdpsys.h:83:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DSDPErrorPrintf printf
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:130:36: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fgets(thisline,100,fp1); if (sscanf(thisline,"%s",problemname)<1) break;
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:129:36: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fgets(thisline,100,fp1); if (sscanf(thisline,"%s",problemname)<1) break;
data/dsdp-5.8/pdsdp/ScaLAPACK/pdsdpscalapack.c:43:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(label,dd);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:129:36: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fgets(thisline,100,fp1); if (sscanf(thisline,"%s",problemname)<1) break;
data/dsdp-5.8/src/solver/dsdpsetoptions.c:162:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(thisline,"%s %s",doption,dvalue)>=2){
data/dsdp-5.8/src/sys/dsdperror.c:34:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "[%d] DSDP: %s(): Line %d in file %s ", urank,functionname,linen,filename);
data/dsdp-5.8/src/sys/dsdperror.c:38:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(string+len, message, (char *) Argp);
data/dsdp-5.8/src/sys/dsdperror.c:40:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(string+len, message, Argp);
data/dsdp-5.8/src/sys/dsdperror.c:46:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(dsdp_history, message, (char *) Argp);
data/dsdp-5.8/src/sys/dsdperror.c:48:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(dsdp_history, message, Argp);
data/dsdp-5.8/src/sys/dsdploginfo.c:76:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
ierr = strcat(fname, tname);
data/dsdp-5.8/src/sys/dsdploginfo.c:131:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(string+len, message, (char *) Argp);
data/dsdp-5.8/src/sys/dsdploginfo.c:133:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(string+len, message, Argp);
data/dsdp-5.8/src/sys/dsdploginfo.c:139:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(dsdp_history, message, (char *) Argp);
data/dsdp-5.8/src/sys/dsdploginfo.c:141:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(dsdp_history, message, Argp);
data/dsdp-5.8/examples/color.c:284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[BUFFERSIZ]="*";
data/dsdp-5.8/examples/color.c:291:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/examples/dsdp.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conetype[30];
data/dsdp-5.8/examples/dsdp.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fnames[25]={"stype","obj","pobj","dobj","stopcode","termcode","iterates","r","mu",
data/dsdp-5.8/examples/maxcut.c:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[BUFFERSIZ]="*";
data/dsdp-5.8/examples/maxcut.c:250:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/examples/readsdpa.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char problemname[100],thisline[100], filename[300],savefile[100];
data/dsdp-5.8/examples/readsdpa.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[100]="/home/benson/sdpexamples/sdplib/";
data/dsdp-5.8/examples/readsdpa.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputfile[50]="",suffix[20]=".dat-s", tablename[20]="results-dsdp-5.8";
data/dsdp-5.8/examples/readsdpa.c:107:43: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/examples/readsdpa.c:113:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dlogsummary",8)==0){printsummary=atoi(argv[i+1]);}
data/dsdp-5.8/examples/readsdpa.c:118:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2=fopen(tablename,"a");
data/dsdp-5.8/examples/readsdpa.c:135:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dsdpoutputfile=fopen(outputfile,"a");
data/dsdp-5.8/examples/readsdpa.c:152:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dloginfo",8)==0){ info=DSDPLogInfoAllow(atoi(argv[i+1]),0);};
data/dsdp-5.8/examples/readsdpa.c:339:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2=fopen(tablename,"a");
data/dsdp-5.8/examples/readsdpa.c:372:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout=fopen(savefile,"w");
data/dsdp-5.8/examples/readsdpa.c:410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp,refline[BUFFERSIZ]="*",thisline[BUFFERSIZ]="*";
data/dsdp-5.8/examples/readsdpa.c:420:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/examples/readsdpa.c:861:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iloginfo=atoi(runargs[kk+1]);
data/dsdp-5.8/examples/readsdpa.c:886:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printlevel=atoi(runargs[kk+1]);
data/dsdp-5.8/examples/readsdpa.c:904:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename,"r");
data/dsdp-5.8/examples/stable.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[BUFFERSIZ]="*";
data/dsdp-5.8/examples/stable.c:231:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/examples/theta.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[BUFFERSIZ]="*";
data/dsdp-5.8/examples/theta.c:190:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char problemname[100],thisline[100], filename[300],savefile[100];
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[100]="/home/benson/sdpexamples/sdplib/";
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputfile[50]="",suffix[20]=".dat-s", tablename[20]="results-dsdp-5.7";
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:116:43: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:122:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dlogsummary",8)==0){printsummary=atoi(argv[i+1]);}
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:139:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dsdpoutputfile=fopen(outputfile,"a");
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:156:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dloginfo",8)==0){ info=DSDPLogInfoAllow(atoi(argv[i+1]),0);};
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:339:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2=fopen(tablename,"a");
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:369:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout=fopen(savefile,"w");
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp,refline[BUFFERSIZ]="*",thisline[BUFFERSIZ]="*";
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:412:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:844:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iloginfo=atoi(runargs[kk+1]);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:869:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printlevel=atoi(runargs[kk+1]);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:887:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename,"r");
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char problemname[100],thisline[100], filename[300],savefile[100];
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[100]="/home/benson/sdpexamples/sdplib/";
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputfile[50]="",suffix[20]=".dat-s", tablename[20]="results-dsdp-5.7";
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:115:43: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:121:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dlogsummary",8)==0){printsummary=atoi(argv[i+1]);}
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:138:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dsdpoutputfile=fopen(outputfile,"a");
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:155:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dloginfo",8)==0){ info=DSDPLogInfoAllow(atoi(argv[i+1]),0);};
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:348:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2=fopen(tablename,"a");
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:378:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout=fopen(savefile,"w");
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp,refline[BUFFERSIZ]="*",thisline[BUFFERSIZ]="*";
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:421:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:853:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iloginfo=atoi(runargs[kk+1]);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:878:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printlevel=atoi(runargs[kk+1]);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:896:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename,"r");
data/dsdp-5.8/pdsdp/ScaLAPACK/maxcut.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[BUFFERSIZ]="*";
data/dsdp-5.8/pdsdp/ScaLAPACK/maxcut.c:255:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char problemname[100],thisline[100], filename[300],savefile[100];
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[100]="/home/benson/sdpexamples/sdplib/";
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputfile[50]="",suffix[20]=".dat-s", tablename[20]="results-dsdp-5.7";
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:115:43: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:121:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dlogsummary",8)==0){printsummary=atoi(argv[i+1]);}
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:138:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dsdpoutputfile=fopen(outputfile,"a");
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:155:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(argv[i],"-dloginfo",8)==0){ info=DSDPLogInfoAllow(atoi(argv[i+1]),0);};
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:338:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp2=fopen(tablename,"a");
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:368:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout=fopen(savefile,"w");
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:401:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctmp,refline[BUFFERSIZ]="*",thisline[BUFFERSIZ]="*";
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:411:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:843:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iloginfo=atoi(runargs[kk+1]);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:868:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printlevel=atoi(runargs[kk+1]);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:886:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename,"r");
data/dsdp-5.8/src/sdp/dsdpdatamat.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datamatnoname[20]="MATRIX NOT SET";
data/dsdp-5.8/src/sdp/printsdpa.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100]="";
data/dsdp-5.8/src/sdp/printsdpa.c:177:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen("input.sdpa","w");
data/dsdp-5.8/src/sdp/sdpconevec.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val2,val1,n*sizeof(double));
data/dsdp-5.8/src/solver/dsdpcops.c:524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conename[100];
data/dsdp-5.8/src/solver/dsdpschurmat.c:658:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)rnnz,(void*)(iptr+1),(mm)*sizeof(int));
data/dsdp-5.8/src/solver/dsdpsetoptions.c:63:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rpos=atoi(runargs[kk+1]);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:66:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxit=atoi(runargs[kk+1]);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:84:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
drho=atoi(runargs[kk+1]);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:102:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reuse=atoi(runargs[kk+1]);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:116:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iloginfo=atoi(runargs[kk+1]);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[BUFFERSIZ]="%",doption[STRLENGTH],dvalue[STRLENGTH];
data/dsdp-5.8/src/solver/dsdpsetoptions.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fargs[2*MAXOPTIONS][STRLENGTH];
data/dsdp-5.8/src/solver/dsdpsetoptions.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fargs2[2*MAXOPTIONS];
data/dsdp-5.8/src/solver/dsdpsetoptions.c:157:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/dsdp-5.8/src/sys/dsdperror.c:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8*1024];
data/dsdp-5.8/src/sys/dsdperror.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[20];
data/dsdp-5.8/src/sys/dsdplog.c:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ename[DSDP_MAX_EVENT_NAME_LENGTH];
data/dsdp-5.8/src/sys/dsdploginfo.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[DSDP_MAX_PATH_LEN], tname[5];
data/dsdp-5.8/src/sys/dsdploginfo.c:75:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tname, ".%d", prank);
data/dsdp-5.8/src/sys/dsdploginfo.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8*1024];
data/dsdp-5.8/src/sys/dsdploginfo.c:128:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "[%d][%2d] DSDP: ", rank,outlevel);
data/dsdp-5.8/src/vecmat/cholmat2.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)rw1,(void*)(xr),(row+1)*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(rw2),(void*)(xr),(row+2)*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:83:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(rw1),(void*)(xr),(row+1)*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)rw1,(void*)(xr),(row+1)*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(rw2),(void*)(xr),(row+2)*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(rw1),(void*)(xr),(row+1)*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:153:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x,b,n*sizeof(double));
data/dsdp-5.8/src/vecmat/cholmat2.c:271:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(v+i*n),(void*)x,n*sizeof(double));
data/dsdp-5.8/src/vecmat/dlpack.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x,b,N*sizeof(double));
data/dsdp-5.8/src/vecmat/dlpack.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)AP,(void*)v,nn*sizeof(double));
data/dsdp-5.8/src/vecmat/dlpack.c:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)AP,(void*)v,nn*sizeof(double));
data/dsdp-5.8/src/vecmat/dlpack.c:474:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)vv,(void*)v,nn*sizeof(double));
data/dsdp-5.8/src/vecmat/dlpack.c:839:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(an+n*row),(void*)v,n*sizeof(double));
data/dsdp-5.8/src/vecmat/dlpack.c:847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)eigenvector,(void*)(an+n*row),n*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(W,X,n*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:218:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(W,X,n*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:462:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x,b,N*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:544:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)AP,(void*)v,nn*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:548:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)AP,(void*)v,nn*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:672:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)vv,(void*)v,(i+1)*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:685:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)vv,(void*)v,(i+1)*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:881:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)vv,(void*)v,nn*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:1204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(an+n*row),(void*)v,n*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:1212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)eigenvector,(void*)(an+n*row),n*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:1332:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)dmatarray,(void*)val,n*n*sizeof(double));
data/dsdp-5.8/src/vecmat/dufull.c:1349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)dmatarray,(void*)val,n*n*sizeof(double));
data/dsdp-5.8/src/vecmat/sdpdvct.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,s,n*sizeof(int));
data/dsdp-5.8/src/vecmat/sdpdvct.c:70:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (n) memcpy(d,s,n*sizeof(double));
data/dsdp-5.8/src/vecmat/sdpmatx.c:262:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x,b,nrow*sizeof(double));
data/dsdp-5.8/src/vecmat/sdpmatx.c:573:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x,b,n*sizeof(double));
data/dsdp-5.8/src/vecmat/sdpvec.c:152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val2,val1,n*sizeof(double));
data/dsdp-5.8/src/vecmat/vech.c:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)eigenvector,(void*)(an+n*row),n*sizeof(double));
data/dsdp-5.8/src/vecmat/vechu.c:264:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)eigenvector,(void*)(an+n*row),n*sizeof(double));
data/dsdp-5.8/examples/readsdpa.c:107:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/examples/readsdpa.c:109:45: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-directory",8)==0){strncpy(directory,argv[i+1],90);}
data/dsdp-5.8/examples/readsdpa.c:110:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-table",4)==0){strncpy(tablename,argv[i+1],90);};
data/dsdp-5.8/examples/readsdpa.c:111:42: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-suffix",4)==0){strncpy(suffix,argv[i+1],20);};
data/dsdp-5.8/examples/readsdpa.c:112:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-save",5)==0){ strncpy(savefile,argv[i+1],40);saveit=1;};
data/dsdp-5.8/examples/readsdpa.c:114:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (rank==0&&strncmp(argv[i],"-fout",5)==0){ strncpy(outputfile,argv[i+1],45);fileout=1;};
data/dsdp-5.8/examples/readsdpa.c:127:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/examples/readsdpa.c:127:39: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/examples/readsdpa.c:127:72: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/examples/readsdpa.c:130:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,argv[1],90);
data/dsdp-5.8/examples/readsdpa.c:131:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(problemname,argv[1],90);
data/dsdp-5.8/examples/readsdpa.c:540:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (k==0){strncpy(refline,thisline,BUFFERSIZ-1); }
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:116:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:118:45: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-directory",8)==0){strncpy(directory,argv[i+1],90);}
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:119:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-table",4)==0){strncpy(tablename,argv[i+1],90);};
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:120:42: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-suffix",4)==0){strncpy(suffix,argv[i+1],20);};
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:121:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-save",5)==0){ strncpy(savefile,argv[i+1],40);saveit=1;};
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:123:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (rank==0&&strncmp(argv[i],"-fout",5)==0){ strncpy(outputfile,argv[i+1],45);fileout=1;};
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:131:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:131:39: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:131:72: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:134:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,argv[1],90);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:135:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(problemname,argv[1],90);
data/dsdp-5.8/pdsdp/PETSc/readsdpa.c:524:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (k==0){strncpy(refline,thisline,BUFFERSIZ-1); }
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:115:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:117:45: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-directory",8)==0){strncpy(directory,argv[i+1],90);}
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:118:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-table",4)==0){strncpy(tablename,argv[i+1],90);};
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:119:42: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-suffix",4)==0){strncpy(suffix,argv[i+1],20);};
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:120:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-save",5)==0){ strncpy(savefile,argv[i+1],40);saveit=1;};
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:122:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (rank==0&&strncmp(argv[i],"-fout",5)==0){ strncpy(outputfile,argv[i+1],45);fileout=1;};
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:130:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:130:39: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:130:72: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:133:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,argv[1],90);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:134:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(problemname,argv[1],90);
data/dsdp-5.8/pdsdp/PLAPPACK/readsdpa.c:533:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (k==0){strncpy(refline,thisline,BUFFERSIZ-1); }
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:115:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(thisline,argv[i+1],90); fp1=fopen(thisline,"r");runbenchmark=1; justone=0;
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:117:45: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-directory",8)==0){strncpy(directory,argv[i+1],90);}
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:118:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-table",4)==0){strncpy(tablename,argv[i+1],90);};
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:119:42: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-suffix",4)==0){strncpy(suffix,argv[i+1],20);};
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:120:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (strncmp(argv[i],"-save",5)==0){ strncpy(savefile,argv[i+1],40);saveit=1;};
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:122:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (rank==0&&strncmp(argv[i],"-fout",5)==0){ strncpy(outputfile,argv[i+1],45);fileout=1;};
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:130:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:130:39: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:130:72: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncpy(filename,directory,90); strncat(filename,problemname,90);strncat(filename,suffix,90);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:133:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename,argv[1],90);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:134:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(problemname,argv[1],90);
data/dsdp-5.8/pdsdp/ScaLAPACK/readsdpa.c:523:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (k==0){strncpy(refline,thisline,BUFFERSIZ-1); }
data/dsdp-5.8/src/sdp/printsdpa.c:175:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(filename,"output.sdpa",50);
data/dsdp-5.8/src/solver/dsdpcone.c:429:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cname,K.dsdpops->name,maxlength);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:164:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fargs[2*line],doption,STRLENGTH-1);
data/dsdp-5.8/src/solver/dsdpsetoptions.c:165:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fargs[2*line+1],dvalue,STRLENGTH-1);
data/dsdp-5.8/src/sys/dsdperror.c:35:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/dsdp-5.8/src/sys/dsdperror.c:92:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(DSDPMemoryTable[mmmem].fname,fname,19);
data/dsdp-5.8/src/sys/dsdplog.c:67:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(eventlog.event[id].ename,ename,DSDP_MAX_EVENT_NAME_LENGTH-1);
data/dsdp-5.8/src/sys/dsdplog.c:84:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(eventlog.event[i].ename,"",DSDP_MAX_EVENT_NAME_LENGTH-1);
data/dsdp-5.8/src/sys/dsdploginfo.c:129:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
ANALYSIS SUMMARY:
Hits = 199
Lines analyzed = 36842 in approximately 1.09 seconds (33898 lines/second)
Physical Source Lines of Code (SLOC) = 27102
Hits@level = [0] 641 [1] 57 [2] 124 [3] 0 [4] 18 [5] 0
Hits@level+ = [0+] 840 [1+] 199 [2+] 142 [3+] 18 [4+] 18 [5+] 0
Hits/KSLOC@level+ = [0+] 30.994 [1+] 7.34263 [2+] 5.23947 [3+] 0.664158 [4+] 0.664158 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.