Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-linear-system-solution-pdelab.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-linear-system-solution-istl.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-geometry-grid.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-grid-function-operations.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-blocking.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-integrating-grid-functions.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-linear-system-assembly.cc
Examining data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-communication.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/common/clock.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/common/logtag.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/common/hostname.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testordering.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalfunctionspace.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testranktransmission.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnewton.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelectrodynamic.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testfunction.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testgeneo.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testinterpolate.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testeigenbackend.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testfastdgassembler.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testdglegendre.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testsimplebackend.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-transport-ccfv.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testrt02dgridfunctionspace.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnumericaljacobianmethods.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testvectoriterator.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnonoverlapping.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpowergridfunctionspace-fixedsize.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnonoverlappingsinglephaseflow.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testinstationaryfastdgassembler.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/fem/testfemwithgfs.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpoisson-periodic-2d.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testmatrixfree.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-instationary-with-boundary-constraints.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testdunefunctionsgfs.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testanalytic.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocaloperatorinterface.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testconvectiondiffusiondg.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testconstraints.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testopbfem.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testl2.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testrtfem.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testcombinedoperator.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testcomplexnumbers.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpermutedordering.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testclock.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testinstationary.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testgridfunctionspace.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlaplacedirichletp12d.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpk2dinterpolation.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-dg-amg.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpoisson.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testchunkedblockordering.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testgridfunctionspace-fixedsize.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testplasticitygfs.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-blocked-istl-ordering.cc
Parsing failed to find end of parameter list; semicolon terminated it in (
flat_r.begin(),flat_r.end(),
blocked_r.begin(),
[](auto x, auto y) { return Dune::FloatCmp::eq(x,y); }
);
if (r.first != flat_r.end())
DUNE_THROW(Dune::Exception,"Found mismat
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testadaptivity.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testloadbalancing.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testheat-instationary-periodic.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testbdmfem.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testoldnewton.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testbindtime.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testnonoverlappingsinglephaseflow-boilerplate.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelasticity.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpoisson-periodic-3d.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testutilities.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testrt0.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testdatahandle.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testpk.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalmatrix.cc
Examining data/dune-pdelab-2.7~20200605/dune/pdelab/test/testtimedependentboundary_ovlpqk.cc
FINAL RESULTS:
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testchunkedblockordering.cc:27:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
std::size_t chunk_size = argc > 1 ? atoi(argv[1]) : 5;
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelasticity.cc:224:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(argv[4]);
data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:571:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p_view.read(pw);
data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:596:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p_view.read(pw);
data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:605:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c_view.read(C_i);
data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:611:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c_view.read(C_o);
data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:699:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p_view.read(pw);
data/dune-pdelab-2.7~20200605/doc/Recipes/recipe-operator-splitting.cc:768:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p_view.read(pw);
data/dune-pdelab-2.7~20200605/dune/pdelab/common/hostname.cc:32:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::strlen(&buf[0]) == buf.size()-1)
data/dune-pdelab-2.7~20200605/dune/pdelab/test/test-blocked-istl-ordering.cc:65:17: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
auto r = std::mismatch(
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testelectrodynamic.cc:168:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Dune::GmshReader<Grid>::read(factory,
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testloadbalancing.cc:54:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Dune::GmshReader<Grid>::read(factory, GRIDSDIR "/ldomain.msh", true, false);
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalfunctionspace.cc:92:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
x_view.read(xl);
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testlocalfunctionspace.cc:101:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xp_view.read(xlp);
data/dune-pdelab-2.7~20200605/dune/pdelab/test/testranktransmission.cc:47:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read(rank);
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 16322 in approximately 0.51 seconds (32188 lines/second)
Physical Source Lines of Code (SLOC) = 11154
Hits@level = [0] 8 [1] 13 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 23 [1+] 15 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.06204 [1+] 1.34481 [2+] 0.179308 [3+] 0 [4+] 0 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.