Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-linear-system-solution-pdelab.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-linear-system-solution-istl.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-geometry-grid.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-grid-function-operations.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-blocking.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-integrating-grid-functions.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-linear-system-assembly.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-communication.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/common/clock.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/common/logtag.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/common/hostname.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testordering.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalfunctionspace.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testranktransmission.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnewton.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelectrodynamic.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testfunction.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testgeneo.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testinterpolate.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testeigenbackend.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testfastdgassembler.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testdglegendre.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testsimplebackend.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-transport-ccfv.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testrt02dgridfunctionspace.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnumericaljacobianmethods.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testvectoriterator.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnonoverlapping.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpowergridfunctionspace-fixedsize.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnonoverlappingsinglephaseflow.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testinstationaryfastdgassembler.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/fem/testfemwithgfs.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpoisson-periodic-2d.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testmatrixfree.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-instationary-with-boundary-constraints.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testdunefunctionsgfs.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testanalytic.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocaloperatorinterface.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testconvectiondiffusiondg.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testconstraints.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testopbfem.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testl2.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testrtfem.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testcombinedoperator.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testcomplexnumbers.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpermutedordering.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testclock.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testinstationary.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testgridfunctionspace.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlaplacedirichletp12d.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpk2dinterpolation.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-dg-amg.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpoisson.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testchunkedblockordering.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testgridfunctionspace-fixedsize.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testplasticitygfs.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-blocked-istl-ordering.cc
Parsing failed to find end of parameter list; semicolon terminated it in ( flat_r.begin(),flat_r.end(), blocked_r.begin(), [](auto x, auto y) { return Dune::FloatCmp::eq(x,y); } ); if (r.first != flat_r.end()) DUNE_THROW(Dune::Exception,"Found mismat
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testadaptivity.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testloadbalancing.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testheat-instationary-periodic.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testbdmfem.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testoldnewton.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testbindtime.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnonoverlappingsinglephaseflow-boilerplate.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelasticity.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpoisson-periodic-3d.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testutilities.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testrt0.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testdatahandle.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpk.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalmatrix.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testtimedependentboundary_ovlpqk.cc

FINAL RESULTS:

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testchunkedblockordering.cc:27:41: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  std::size_t chunk_size = argc > 1 ? atoi(argv[1]) : 5;

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelasticity.cc:224:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi(argv[4]);

data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:571:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  p_view.read(pw);

data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:596:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  p_view.read(pw);

data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:605:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c_view.read(C_i);

data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:611:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c_view.read(C_o);

data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:699:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  p_view.read(pw);

data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:768:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  p_view.read(pw);

data/dune-pdelab-2.7~20200605/dune/pdelab/common/hostname.cc:32:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::strlen(&buf[0]) == buf.size()-1)

data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-blocked-istl-ordering.cc:65:17: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  auto r = std::mismatch(

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelectrodynamic.cc:168:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Dune::GmshReader<Grid>::read(factory,

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testloadbalancing.cc:54:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Dune::GmshReader<Grid>::read(factory, GRIDSDIR "/ldomain.msh", true, false);

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalfunctionspace.cc:92:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  x_view.read(xl);

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalfunctionspace.cc:101:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  xp_view.read(xlp);

data/dune-pdelab-2.7~20200605/dune/pdelab/test/testranktransmission.cc:47:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  buffer.read(rank);

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 16322 in approximately 0.51 seconds (32188 lines/second)
Physical Source Lines of Code (SLOC) = 11154
Hits@level = [0] 8 [1] 13 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 23 [1+] 15 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.06204 [1+] 1.34481 [2+] 0.179308 [3+] 0 [4+] 0 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.