Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/etl-1.2.2/ETL/_pen.h
Examining data/etl-1.2.2/ETL/_value.h
Examining data/etl-1.2.2/ETL/etl_profile.h
Examining data/etl-1.2.2/ETL/etl_config.h
Examining data/etl-1.2.2/ETL/_smach.h
Examining data/etl-1.2.2/ETL/_bspline.h
Examining data/etl-1.2.2/ETL/_mutex_null.h
Examining data/etl-1.2.2/ETL/_angle.h
Examining data/etl-1.2.2/ETL/_boxblur.h
Examining data/etl-1.2.2/ETL/_fastangle.h
Examining data/etl-1.2.2/ETL/_bezier_angle.h
Examining data/etl-1.2.2/ETL/_condition.h
Examining data/etl-1.2.2/ETL/_clock_base.h
Examining data/etl-1.2.2/ETL/_fastangle_tables.h
Examining data/etl-1.2.2/ETL/_calculus.h
Examining data/etl-1.2.2/ETL/_clock_gettimeofday.h
Examining data/etl-1.2.2/ETL/_status.h
Examining data/etl-1.2.2/ETL/_clock_win32hpcount.h
Examining data/etl-1.2.2/ETL/_ref_count.h
Examining data/etl-1.2.2/ETL/_curve_func.h
Examining data/etl-1.2.2/ETL/_hermite.h
Examining data/etl-1.2.2/ETL/_misc.h
Examining data/etl-1.2.2/ETL/_handle.h
Examining data/etl-1.2.2/ETL/_mutex_pthreads_simple.h
Examining data/etl-1.2.2/ETL/_trivial.h
Examining data/etl-1.2.2/ETL/_thread.h
Examining data/etl-1.2.2/ETL/_curve.h
Examining data/etl-1.2.2/ETL/_bit_rotate.h
Examining data/etl-1.2.2/ETL/_random.h
Examining data/etl-1.2.2/ETL/_mutex_pthreads.h
Examining data/etl-1.2.2/ETL/_fixed.h
Examining data/etl-1.2.2/ETL/_bezier.h
Examining data/etl-1.2.2/ETL/_rect.h
Examining data/etl-1.2.2/ETL/_smart_ptr.h
Examining data/etl-1.2.2/ETL/_clock_system.h
Examining data/etl-1.2.2/ETL/_stringf.h
Examining data/etl-1.2.2/ETL/_gaussian.h
Examining data/etl-1.2.2/ETL/_rwlock.h
Examining data/etl-1.2.2/ETL/_surface.h
Examining data/etl-1.2.2/ETL/_mutex_win32.h
Examining data/etl-1.2.2/test/stringf.cpp
Examining data/etl-1.2.2/test/smart_ptr.cpp
Examining data/etl-1.2.2/test/fixed.cpp
Examining data/etl-1.2.2/test/surface.cpp
Examining data/etl-1.2.2/test/random.cpp
Examining data/etl-1.2.2/test/angle.cpp
Examining data/etl-1.2.2/test/spline.cpp
Examining data/etl-1.2.2/test/pen.cpp
Examining data/etl-1.2.2/test/handle.cpp
Examining data/etl-1.2.2/test/benchmark.cpp
Examining data/etl-1.2.2/test/hermite.cpp
Examining data/etl-1.2.2/test/clock.cpp
Examining data/etl-1.2.2/test/smach.cpp
Examining data/etl-1.2.2/test/value.cpp

FINAL RESULTS:

data/etl-1.2.2/ETL/_bezier.h:274:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  value_type system[4];
data/etl-1.2.2/ETL/_bezier.h:275:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[0]=_coeff[0]-x._coeff[0];
data/etl-1.2.2/ETL/_bezier.h:276:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[1]=_coeff[1]-x._coeff[1];
data/etl-1.2.2/ETL/_bezier.h:277:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[2]=_coeff[2]-x._coeff[2];
data/etl-1.2.2/ETL/_bezier.h:278:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[3]=_coeff[3]-x._coeff[3];
data/etl-1.2.2/ETL/_bezier.h:286:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:286:20:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:286:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:286:42:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:287:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (system[1]+(system[2]*2+(system[3]*3)*t)*t);
data/etl-1.2.2/ETL/_bezier.h:287:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (system[1]+(system[2]*2+(system[3]*3)*t)*t);
data/etl-1.2.2/ETL/_bezier.h:287:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (system[1]+(system[2]*2+(system[3]*3)*t)*t);
data/etl-1.2.2/ETL/_bezier.h:354:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  value_type system[4];
data/etl-1.2.2/ETL/_bezier.h:355:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[0]=_coeff[0]-x._coeff[0];
data/etl-1.2.2/ETL/_bezier.h:356:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[1]=_coeff[1]-x._coeff[1];
data/etl-1.2.2/ETL/_bezier.h:357:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[2]=_coeff[2]-x._coeff[2];
data/etl-1.2.2/ETL/_bezier.h:358:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system[3]=_coeff[3]-x._coeff[3];
data/etl-1.2.2/ETL/_bezier.h:366:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:366:20:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:366:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:366:42:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  t-= (system[0]+(system[1]+(system[2]+(system[3])*t)*t)*t)/
data/etl-1.2.2/ETL/_bezier.h:367:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (system[1]+(system[2]*2+(system[3]*3)*t)*t);
data/etl-1.2.2/ETL/_bezier.h:367:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (system[1]+(system[2]*2+(system[3]*3)*t)*t);
data/etl-1.2.2/ETL/_bezier.h:367:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  (system[1]+(system[2]*2+(system[3]*3)*t)*t);
data/etl-1.2.2/ETL/_stringf.h:77:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int vsnprintf(char *,size_t,const char*,va_list)ETL_NO_THROW;
data/etl-1.2.2/ETL/_stringf.h:86:15:  [4] (buffer) vsscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  extern int vsscanf(const char *,const char *,va_list)ETL_NO_THROW;
data/etl-1.2.2/ETL/_stringf.h:93:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  extern int sscanf(const char *buf, const char *format, ...)ETL_NO_THROW;
data/etl-1.2.2/ETL/_stringf.h:127:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer,sizeof(buffer),format,args);
data/etl-1.2.2/ETL/_stringf.h:130:50:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #warning Potential for Buffer-overflow bug using vsprintf
data/etl-1.2.2/ETL/_stringf.h:139:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer,format,args);
data/etl-1.2.2/ETL/_stringf.h:160:12:  [4] (buffer) vsscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  return vsscanf(data.c_str(),format,args);
data/etl-1.2.2/ETL/_stringf.h:175:35:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  #define strscanf(data,format,...) sscanf(data.c_str(),format,__VA_ARGS__)
data/etl-1.2.2/test/handle.cpp:104:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on create/destroy, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:117:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on create/destroy, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:126:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on call to handle<>::constant().\n",__LINE__);
data/etl-1.2.2/test/handle.cpp:150:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/handle.cpp:158:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/handle.cpp:166:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy's clear, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/handle.cpp:176:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On swap (27,42) gave (%d,%d), should be (42,27).\n",__LINE__,a->my_id,b->my_id);
data/etl-1.2.2/test/handle.cpp:185:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:224:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, handle count=%d, should be %d.\n",__LINE__,obj.count(),NUMBER_OF_OBJECTS*2+1);
data/etl-1.2.2/test/handle.cpp:231:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, rhandle count=%d, should be %d.\n",__LINE__,obj.rcount(),NUMBER_OF_OBJECTS+1);
data/etl-1.2.2/test/handle.cpp:239:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,obj.rcount(),NUMBER_OF_OBJECTS+1);
data/etl-1.2.2/test/handle.cpp:248:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,obj.rcount(),NUMBER_OF_OBJECTS+1);
data/etl-1.2.2/test/handle.cpp:257:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy's clear, handle count (%d) != rhandle count (%d)\n",__LINE__,obj.count(),obj.rcount());
data/etl-1.2.2/test/handle.cpp:264:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy's clear, instance count=%d, should be %d.\n",__LINE__,obj.rcount(),NUMBER_OF_OBJECTS+1);
data/etl-1.2.2/test/handle.cpp:275:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: Only managed to replace %d, should have replaced %d\n",__LINE__,replacements,NUMBER_OF_OBJECTS+1);
data/etl-1.2.2/test/handle.cpp:282:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On replace, handles should be equal.\n",__LINE__);
data/etl-1.2.2/test/handle.cpp:299:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:328:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:353:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/handle.cpp:363:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On inherited copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS*2);
data/etl-1.2.2/test/handle.cpp:372:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On sort, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS*2);
data/etl-1.2.2/test/handle.cpp:380:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/handle.cpp:388:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:415:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on handle assignment from new object, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:423:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on loose_handle assignment\n",__LINE__);
data/etl-1.2.2/test/handle.cpp:431:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on handle assignment from loose_handle, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:439:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on handle assignment from loose_handle, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:450:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on loose_handle swap (27,42) gave (%d,%d), should be (42,27).\n",__LINE__,a->my_id,b->my_id);
data/etl-1.2.2/test/handle.cpp:458:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on create/destroy, instance count=%d, should be 3.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/handle.cpp:482:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on handle assignment from loose_handle.\n",__LINE__);
data/etl-1.2.2/test/smart_ptr.cpp:103:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on create/destroy, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:124:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on create/destroy, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:133:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on call to smart_ptr<>::constant().\n",__LINE__);
data/etl-1.2.2/test/smart_ptr.cpp:157:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/smart_ptr.cpp:165:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/smart_ptr.cpp:173:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy's clear, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/smart_ptr.cpp:181:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:206:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/smart_ptr.cpp:216:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On inherited copy, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS*2);
data/etl-1.2.2/test/smart_ptr.cpp:225:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On sort, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS*2);
data/etl-1.2.2/test/smart_ptr.cpp:233:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be %d.\n",__LINE__,my_test_obj::instance_count,NUMBER_OF_OBJECTS);
data/etl-1.2.2/test/smart_ptr.cpp:241:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: On clear, instance count=%d, should be zero.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:267:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on smart_ptr assignment from new object, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:275:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on loose_smart_ptr assignment\n",__LINE__);
data/etl-1.2.2/test/smart_ptr.cpp:283:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on smart_ptr assignment from loose_smart_ptr, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:291:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on smart_ptr assignment from loose_smart_ptr, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/test/smart_ptr.cpp:299:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(__FILE__":%d: on create/destroy, instance count=%d, should be 1.\n",__LINE__,my_test_obj::instance_count);
data/etl-1.2.2/ETL/_random.h:82:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  class random
data/etl-1.2.2/ETL/_random.h:95:2:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random()
data/etl-1.2.2/test/random.cpp:35:2:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random<int> Rand;
data/etl-1.2.2/ETL/_stringf.h:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[ETL_STRPRINTF_MAX_LENGTH];
data/etl-1.2.2/ETL/_stringf.h:125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[ETL_STRPRINTF_MAX_LENGTH];
data/etl-1.2.2/ETL/_stringf.h:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[ETL_STRPRINTF_MAX_LENGTH*2];
data/etl-1.2.2/ETL/_stringf.h:137:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[ETL_STRPRINTF_MAX_LENGTH*2];
data/etl-1.2.2/ETL/_stringf.h:181:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define stratoi(X) (atoi((X).c_str()))
data/etl-1.2.2/ETL/_stringf.h:306:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[256];
data/etl-1.2.2/ETL/_surface.h:270:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_,s.data_,abs(pitch_)*h_);
data/etl-1.2.2/ETL/_surface.h:310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_,rhs.data_,pitch_*h_);
data/etl-1.2.2/ETL/_surface.h:320:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_, rhs.data_, pitch_*h_);
data/etl-1.2.2/ETL/_trivial.h:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[sizeof(T)];
data/etl-1.2.2/test/stringf.cpp:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mystring[80]="My formatted string!";

ANALYSIS SUMMARY:

Hits = 93
Lines analyzed = 19269 in approximately 0.85 seconds (22763 lines/second)
Physical Source Lines of Code (SLOC) = 13469
Hits@level = [0] 318 [1]   0 [2]  11 [3]   3 [4]  79 [5]   0
Hits@level+ = [0+] 411 [1+]  93 [2+]  93 [3+]  82 [4+]  79 [5+]   0
Hits/KSLOC@level+ = [0+] 30.5145 [1+] 6.90474 [2+] 6.90474 [3+] 6.08805 [4+] 5.86532 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.