Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/galpy-1.6.0.post0/galpy/actionAngle/actionAngleTorus_c_ext/galpyPot.h
Examining data/galpy-1.6.0.post0/galpy/actionAngle/actionAngle_c_ext/actionAngle.h
Examining data/galpy-1.6.0.post0/galpy/actionAngle/actionAngle_c_ext/actionAngleAdiabatic.c
Examining data/galpy-1.6.0.post0/galpy/actionAngle/actionAngle_c_ext/actionAngleStaeckel.c
Examining data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateFullOrbit.c
Examining data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateFullOrbit.h
Examining data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateLinearOrbit.c
Examining data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integratePlanarOrbit.c
Examining data/galpy-1.6.0.post0/galpy/potential/interppotential_c_ext/interppotential_calc_potential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/BurkertPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/ChandrasekharDynamicalFrictionForce.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/CorotatingRotationWrapperPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/CosmphiDiskPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/DehnenBarPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/DehnenCorePotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/DehnenPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/DehnenSmoothWrapperPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/DiskSCFPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/DoubleExponentialDiskPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/EllipsoidalPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/EllipticalDiskPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/FlattenedPowerPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/GaussianAmplitudeWrapperPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/HenonHeilesPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/HernquistPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/HomogeneousSpherePotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/IsochronePotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/IsothermalDiskPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/JaffePotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/KGPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/KuzminDiskPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/KuzminKutuzovStaeckelPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/LogarithmicHaloPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/LopsidedDiskPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/MiyamotoNagaiPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/MovingObjectPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/NFWPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/PerfectEllipsoidPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/PlummerPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/PowerSphericalPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/PowerSphericalPotentialwCutoff.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/PseudoIsothermalPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/SCFPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/SoftenedNeedleBarPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/SolidBodyRotationWrapperPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/SpiralArmsPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/SteadyLogSpiralPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/TransientLogSpiralPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/TwoPowerTriaxialPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/ZeroPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/galpy_potentials.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/galpy_potentials.h
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/interpRZPotential.c
Examining data/galpy-1.6.0.post0/galpy/potential/potential_c_ext/verticalPotential.c
Examining data/galpy-1.6.0.post0/galpy/util/bovy_coords.c
Examining data/galpy-1.6.0.post0/galpy/util/bovy_coords.h
Examining data/galpy-1.6.0.post0/galpy/util/bovy_rk.c
Examining data/galpy-1.6.0.post0/galpy/util/bovy_rk.h
Examining data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c
Examining data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.h
Examining data/galpy-1.6.0.post0/galpy/util/interp_2d/cubic_bspline_2d_coeffs.c
Examining data/galpy-1.6.0.post0/galpy/util/interp_2d/cubic_bspline_2d_coeffs.h
Examining data/galpy-1.6.0.post0/galpy/util/interp_2d/cubic_bspline_2d_interpol.c
Examining data/galpy-1.6.0.post0/galpy/util/interp_2d/cubic_bspline_2d_interpol.h
Examining data/galpy-1.6.0.post0/galpy/util/interp_2d/interp_2d.c
Examining data/galpy-1.6.0.post0/galpy/util/interp_2d/interp_2d.h
Examining data/galpy-1.6.0.post0/galpy/util/leung_dop853.c
Examining data/galpy-1.6.0.post0/galpy/util/leung_dop853.h

FINAL RESULTS:

data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateFullOrbit.c:494:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateFullOrbit.c:566:53: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  npot,potentialArgs+omp_get_thread_num()*npot,rtol,atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateFullOrbit.c:586:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateFullOrbit.c:643:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol,result,err);
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateLinearOrbit.c:121:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integrateLinearOrbit.c:192:53: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  npot,potentialArgs+omp_get_thread_num()*npot,rtol,atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integratePlanarOrbit.c:416:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integratePlanarOrbit.c:488:53: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  npot,potentialArgs+omp_get_thread_num()*npot,rtol,atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integratePlanarOrbit.c:509:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double atol,
data/galpy-1.6.0.post0/galpy/orbit/orbit_c_ext/integratePlanarOrbit.c:550:72: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  odeint_func(odeint_deriv_func,dim,yo,nt,dt,t,npot,potentialArgs,rtol,atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:72:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol, double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:89:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol);
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:176:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol, double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:198:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol);
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:330:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol){
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:351:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double c= fmax(atol, rtol * max_val);
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:398:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol){
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:424:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double c= fmax(atol, rtol * max_val);
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:505:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol, double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:528:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol);
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:555:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nargs,potentialArgs,rtol,atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:585:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:609:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:618:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_rk.c:730:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double c= fmax(atol, rtol * max_val);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:109:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol, double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:131:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:226:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol, double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:256:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:378:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol, double atol,
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:416:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rtol,atol);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:560:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol){
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:587:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double c= fmax(atol, rtol * max_val_q);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:590:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c= fmax(atol, rtol * max_val_p);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:637:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol){
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:672:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double c= fmax(atol, rtol * max_val_q);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:675:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c= fmax(atol, rtol * max_val_p);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:782:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double rtol,double atol){
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:825:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double c= fmax(atol, rtol * max_val_q);
data/galpy-1.6.0.post0/galpy/util/bovy_symplecticode.c:828:11: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c= fmax(atol, rtol * max_val_p);
data/galpy-1.6.0.post0/galpy/util/interp_2d/interp_2d.c:27:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(i2d->xa,xa,(i2d->size1)*sizeof(double));
data/galpy-1.6.0.post0/galpy/util/interp_2d/interp_2d.c:28:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(i2d->ya,ya,(i2d->size2)*sizeof(double));
data/galpy-1.6.0.post0/galpy/util/interp_2d/interp_2d.c:29:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(i2d->za,za,(i2d->size1)*(i2d->size2)*sizeof(double));
data/galpy-1.6.0.post0/galpy/util/leung_dop853.c:240:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  double atol,
data/galpy-1.6.0.post0/galpy/util/leung_dop853.c:245:13: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atol = exp(atol);

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 14609 in approximately 0.55 seconds (26517 lines/second)
Physical Source Lines of Code (SLOC) = 11904
Hits@level = [0] 2 [1] 0 [2] 45 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 47 [1+] 45 [2+] 45 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.94825 [1+] 3.78024 [2+] 3.78024 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.