Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fplll-5.3.3/fplll/bkz.cpp
Examining data/fplll-5.3.3/fplll/bkz.h
Examining data/fplll-5.3.3/fplll/bkz_param.cpp
Examining data/fplll-5.3.3/fplll/bkz_param.h
Examining data/fplll-5.3.3/fplll/enum-parallel/enumeration.h
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib.h
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.100.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.110.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.120.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.130.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.140.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.150.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.160.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.20.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.30.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.40.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.50.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.60.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.70.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.80.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.90.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/enumlib_dim.cpp
Examining data/fplll-5.3.3/fplll/enum-parallel/fplll_types.h
Examining data/fplll-5.3.3/fplll/enum/enumerate.cpp
Examining data/fplll-5.3.3/fplll/enum/enumerate.h
Examining data/fplll-5.3.3/fplll/enum/enumerate_base.cpp
Examining data/fplll-5.3.3/fplll/enum/enumerate_base.h
Examining data/fplll-5.3.3/fplll/enum/enumerate_ext.cpp
Examining data/fplll-5.3.3/fplll/enum/enumerate_ext.h
Examining data/fplll-5.3.3/fplll/enum/evaluator.cpp
Examining data/fplll-5.3.3/fplll/enum/evaluator.h
Examining data/fplll-5.3.3/fplll/enum/topenum.cpp
Examining data/fplll-5.3.3/fplll/enum/topenum.h
Examining data/fplll-5.3.3/fplll/fplll.cpp
Examining data/fplll-5.3.3/fplll/fplll.h
Examining data/fplll-5.3.3/fplll/gso.cpp
Examining data/fplll-5.3.3/fplll/gso.h
Examining data/fplll-5.3.3/fplll/gso_gram.cpp
Examining data/fplll-5.3.3/fplll/gso_gram.h
Examining data/fplll-5.3.3/fplll/gso_interface.cpp
Examining data/fplll-5.3.3/fplll/gso_interface.h
Examining data/fplll-5.3.3/fplll/hlll.cpp
Examining data/fplll-5.3.3/fplll/hlll.h
Examining data/fplll-5.3.3/fplll/householder.cpp
Examining data/fplll-5.3.3/fplll/householder.h
Examining data/fplll-5.3.3/fplll/io/json.hpp
Examining data/fplll-5.3.3/fplll/io/thread_pool.hpp
Examining data/fplll-5.3.3/fplll/latticegen.cpp
Examining data/fplll-5.3.3/fplll/lll.cpp
Examining data/fplll-5.3.3/fplll/lll.h
Examining data/fplll-5.3.3/fplll/llldiff.cpp
Examining data/fplll-5.3.3/fplll/main.cpp
Examining data/fplll-5.3.3/fplll/main.h
Examining data/fplll-5.3.3/fplll/nr/dpe.h
Examining data/fplll-5.3.3/fplll/nr/matrix.cpp
Examining data/fplll-5.3.3/fplll/nr/matrix.h
Examining data/fplll-5.3.3/fplll/nr/nr.h
Examining data/fplll-5.3.3/fplll/nr/numvect.h
Examining data/fplll-5.3.3/fplll/pruner/pruner.cpp
Examining data/fplll-5.3.3/fplll/pruner/pruner.h
Examining data/fplll-5.3.3/fplll/pruner/pruner_cost.cpp
Examining data/fplll-5.3.3/fplll/pruner/pruner_optimize.cpp
Examining data/fplll-5.3.3/fplll/pruner/pruner_optimize_tc.cpp
Examining data/fplll-5.3.3/fplll/pruner/pruner_optimize_tp.cpp
Examining data/fplll-5.3.3/fplll/pruner/pruner_prob.cpp
Examining data/fplll-5.3.3/fplll/pruner/pruner_simplex.h
Examining data/fplll-5.3.3/fplll/pruner/pruner_util.cpp
Examining data/fplll-5.3.3/fplll/sieve/sampler_basic.cpp
Examining data/fplll-5.3.3/fplll/sieve/sampler_basic.h
Examining data/fplll-5.3.3/fplll/sieve/sampler_main.cpp
Examining data/fplll-5.3.3/fplll/sieve/sieve_common.h
Examining data/fplll-5.3.3/fplll/sieve/sieve_gauss.cpp
Examining data/fplll-5.3.3/fplll/sieve/sieve_gauss.h
Examining data/fplll-5.3.3/fplll/sieve/sieve_gauss_2sieve.cpp
Examining data/fplll-5.3.3/fplll/sieve/sieve_gauss_3sieve.cpp
Examining data/fplll-5.3.3/fplll/sieve/sieve_gauss_4sieve.cpp
Examining data/fplll-5.3.3/fplll/sieve/sieve_gauss_str.h
Examining data/fplll-5.3.3/fplll/sieve/sieve_main.cpp
Examining data/fplll-5.3.3/fplll/sieve/sieve_main.h
Examining data/fplll-5.3.3/fplll/svpcvp.cpp
Examining data/fplll-5.3.3/fplll/svpcvp.h
Examining data/fplll-5.3.3/fplll/threadpool.cpp
Examining data/fplll-5.3.3/fplll/threadpool.h
Examining data/fplll-5.3.3/fplll/util.cpp
Examining data/fplll-5.3.3/fplll/util.h
Examining data/fplll-5.3.3/fplll/wrapper.cpp
Examining data/fplll-5.3.3/fplll/wrapper.h
Examining data/fplll-5.3.3/fplll/defs.h
Examining data/fplll-5.3.3/tests/test_bkz.cpp
Examining data/fplll-5.3.3/tests/test_bkz_gram.cpp
Examining data/fplll-5.3.3/tests/test_cvp.cpp
Examining data/fplll-5.3.3/tests/test_enum.cpp
Examining data/fplll-5.3.3/tests/test_gso.cpp
Examining data/fplll-5.3.3/tests/test_hlll.cpp
Examining data/fplll-5.3.3/tests/test_lll.cpp
Examining data/fplll-5.3.3/tests/test_lll_gram.cpp
Examining data/fplll-5.3.3/tests/test_nr.cpp
Examining data/fplll-5.3.3/tests/test_pruner.cpp
Examining data/fplll-5.3.3/tests/test_sieve.cpp
Examining data/fplll-5.3.3/tests/test_svp.cpp
Examining data/fplll-5.3.3/tests/test_svp_gram.cpp
Examining data/fplll-5.3.3/tests/test_utils.h
FINAL RESULTS:
data/fplll-5.3.3/fplll/nr/matrix.cpp:171:8: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
is.setstate(ios::failbit);
data/fplll-5.3.3/fplll/nr/numvect.h:100:8: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
is.setstate(ios::failbit);
data/fplll-5.3.3/fplll/sieve/sampler_basic.cpp:44:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/fplll-5.3.3/fplll/sieve/sampler_main.cpp:5:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/fplll-5.3.3/fplll/sieve/sieve_main.cpp:67:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((option = getopt(argc, argv, "a:f:r:t:s:b:v")) != -1)
data/fplll-5.3.3/fplll/sieve/sieve_main.cpp:136:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/fplll-5.3.3/tests/test_bkz.cpp:195:30: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
string file_bkz_dump_gso = tmpnam(nullptr);
data/fplll-5.3.3/fplll/bkz.cpp:739:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dump.open(filename.c_str(), std::ios_base::app);
data/fplll-5.3.3/fplll/bkz.cpp:743:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dump.open(filename.c_str());
data/fplll-5.3.3/fplll/defs.h:170:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const RED_STATUS_STR[RED_STATUS_MAX] = {"success",
data/fplll-5.3.3/fplll/defs.h:191:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const LLL_METHOD_STR[6] = {"wrapper", "proved", "heuristic", "fast"};
data/fplll-5.3.3/fplll/defs.h:195:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const HLLL_METHOD_STR[4] = {"wrapper", "proved", "", "fast"};
data/fplll-5.3.3/fplll/defs.h:204:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const INT_TYPE_STR[5] = {"mpz", "long", "double"};
data/fplll-5.3.3/fplll/defs.h:217:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const FLOAT_TYPE_STR[7] = {"", "double", "long double", "dpe", "dd", "qd", "mpfr"};
data/fplll-5.3.3/fplll/io/json.hpp:6314:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hexify[16] =
data/fplll-5.3.3/fplll/latticegen.cpp:81:31: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
RandGen::init_with_seed(atol(argv[iArg]));
data/fplll-5.3.3/fplll/latticegen.cpp:89:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int d = atoi(argv[iArg + 1]);
data/fplll-5.3.3/fplll/latticegen.cpp:101:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(argv[iArg]);
data/fplll-5.3.3/fplll/latticegen.cpp:110:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(argv[iArg]);
data/fplll-5.3.3/fplll/latticegen.cpp:111:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b2 = atoi(argv[iArg + 1]);
data/fplll-5.3.3/fplll/latticegen.cpp:120:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(argv[iArg]);
data/fplll-5.3.3/fplll/latticegen.cpp:129:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(argv[iArg]);
data/fplll-5.3.3/fplll/latticegen.cpp:155:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int k = atoi(argv[iArg]);
data/fplll-5.3.3/fplll/latticegen.cpp:156:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(argv[iArg + 1]);
data/fplll-5.3.3/fplll/latticegen.cpp:187:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(argv[iArg]);
data/fplll-5.3.3/fplll/main.cpp:100:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(file_name, "r");
data/fplll-5.3.3/fplll/main.cpp:510:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.block_size = atoi(argv[ac]);
data/fplll-5.3.3/fplll/main.cpp:516:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.prune_start = atoi(argv[ac]);
data/fplll-5.3.3/fplll/main.cpp:522:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.prune_end = atoi(argv[ac]);
data/fplll-5.3.3/fplll/main.cpp:544:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.bkz_max_loops = atoi(argv[ac]);
data/fplll-5.3.3/fplll/main.cpp:625:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.siegel = !atoi(argv[ac]);
data/fplll-5.3.3/fplll/main.cpp:663:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o.precision = atoi(argv[ac]);
data/fplll-5.3.3/fplll/sieve/sieve_main.cpp:72:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alg = atoi(optarg);
data/fplll-5.3.3/fplll/sieve/sieve_main.cpp:81:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dim = atoi(optarg);
data/fplll-5.3.3/fplll/sieve/sieve_main.cpp:85:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(optarg);
data/fplll-5.3.3/fplll/sieve/sieve_main.cpp:88:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bs = atoi(optarg);
data/fplll-5.3.3/tests/test_utils.h:20:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
is.open(input_filename);
data/fplll-5.3.3/fplll/io/json.hpp:8995:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_lexer(reinterpret_cast<const typename lexer::lexer_char_t*>(buff), strlen(buff))
data/fplll-5.3.3/fplll/nr/matrix.cpp:163:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <class T> void Matrix<T>::read(istream &is)
data/fplll-5.3.3/fplll/nr/matrix.h:210:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(istream &is);
data/fplll-5.3.3/fplll/nr/matrix.h:238:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m.read(is);
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 36688 in approximately 0.92 seconds (39770 lines/second)
Physical Source Lines of Code (SLOC) = 22568
Hits@level = [0] 11 [1] 4 [2] 30 [3] 7 [4] 0 [5] 0
Hits@level+ = [0+] 52 [1+] 41 [2+] 37 [3+] 7 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.30415 [1+] 1.81673 [2+] 1.63949 [3+] 0.310174 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.