Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hwloc-2.4.0~rc1+dfsg/contrib/misc/hwloc-tweak-osindex.c
Examining data/hwloc-2.4.0~rc1+dfsg/contrib/windows/hwloc_config.h
Examining data/hwloc-2.4.0~rc1+dfsg/contrib/windows/private_config.h
Examining data/hwloc-2.4.0~rc1+dfsg/contrib/windows/static-components.h
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/cpuset+bitmap+cpubind.c
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/get-knl-modes.c
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/hwloc-hello-cpp.cpp
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/hwloc-hello.c
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/nodeset+membind+policy.c
Examining data/hwloc-2.4.0~rc1+dfsg/doc/examples/sharedcaches.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/base64.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/bind.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/bitmap.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/cpukinds.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/diff.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/dolib.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/memattrs.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/misc.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-aix.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-bgq.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-cuda.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-darwin.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-fake.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-freebsd.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-gl.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-hardwired.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-hpux.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-netbsd.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-noos.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-nvml.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-opencl.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-rsmi.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-windows.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-libxml.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c
Examining data/hwloc-2.4.0~rc1+dfsg/hwloc/traversal.c
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/bitmap.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cpukinds.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cuda.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cudart.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/deprecated.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/diff.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/distances.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/export.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/gl.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/glibc-sched.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/helper.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/inlines.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/linux-libnuma.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/linux.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/memattrs.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/nvml.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/opencl.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/openfabrics-verbs.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/plugins.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rename.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rsmi.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/hwloc/shmem.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/netloc.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/netloc/utarray.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/netloc/uthash.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/netlocscotch.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/components.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/cpuid-x86.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/internal-components.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/misc.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/netloc.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/private.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/solaris-chiptype.h
Examining data/hwloc-2.4.0~rc1+dfsg/include/private/xml.h
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/edge.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/hwloc.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/mpicomm.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/node.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/path.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/physical_link.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/scotch.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/support.c
Examining data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/cpukinds.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/cpuset_nodeset.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/cuda.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/cudart.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/embedded/do_test.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/embedded/main.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/gl.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/glibc-sched.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_api_version.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_backends.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_bind.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_bitmap.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_bitmap_compare_inclusion.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_bitmap_first_last_weight.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_bitmap_singlify.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_bitmap_string.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_distances.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_area_memlocation.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_cache_covering_cpuset.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_closest_objs.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_largest_objs_inside_cpuset.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_last_cpu_location.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_next_obj_covering_cpuset.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_obj_below_array_by_type.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_obj_covering_cpuset.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_obj_inside_cpuset.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_shared_cache_covering_obj.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_groups.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_insert_misc.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_iodevs.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_is_thissystem.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_list_components.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_obj_infos.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_pci_backend.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_synthetic.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_topology_abi.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_topology_allow.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_topology_diff.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_topology_dup.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_topology_restrict.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_type_depth.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_type_sscanf.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/linux-libnuma.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/memattrs.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/nvml.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/opencl.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/openfabrics-verbs.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/aix/procinfo.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/aix/sys/processor.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/aix/sys/rset.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/aix/sys/systemcfg.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/aix/sys/thread.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/bgq/spi/include/kernel/location.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/bgq/spi/include/kernel/process.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/cuda/cuda.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/cuda/cuda_runtime_api.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/darwin/sys/sysctl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/pthread.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/pthread_np.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/sys/cpuset.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/sys/domainset.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/sys/param.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/sys/sysctl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/sys/thr.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/freebsd/sys/user.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/gl/NVCtrl/NVCtrl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/gl/NVCtrl/NVCtrlLib.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/gl/X11/Xlib.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/hpux/sys/mpctl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/netbsd/pthread.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/netbsd/sched.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/netbsd/sys/sysctl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/nvml/nvml.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/opencl/CL/cl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/rsmi/rocm_smi/rocm_smi.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/kstat.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/picl.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/sys/lgrp_user.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/sys/processor.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/sys/procset.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/sys/systeminfo.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/windows/windows.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/windows/windowsx.h
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/rename/main.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/rsmi.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c
Examining data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/xmlbuffer.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.h
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-annotate.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-bind.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-diff.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-distrib.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-patch.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-android.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-ascii.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-cairo.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-fig.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-shmem.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-tikz.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-windows.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-xml.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.h
Examining data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_rank_file.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_rank_order.c
Examining data/hwloc-2.4.0~rc1+dfsg/utils/netloc/scotch/netlocscotch_get_arch.c

FINAL RESULTS:

data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:503:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  return readlink(p, l, ll);
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:230:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(componentsymbolname, "%s_component", basename);
data/hwloc-2.4.0~rc1+dfsg/hwloc/dolib.c:41:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (system(s)) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/misc.c:47:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  ret = vsnprintf(str, size, format, ap);
data/hwloc-2.4.0~rc1+dfsg/hwloc/misc.c:67:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    ret = vsnprintf(fakestr, fakesize, format, ap);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:471:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return access(p, m);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2520:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(path, "%s/node%d/hugepages", syspath, node);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2542:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(meminfopath, "%s/node%d/meminfo", syspath, node);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2578:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(distancepath, "%s/node%u/distance", path, osnode);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2616:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(path+pathlen, dmi_name);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3482:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(accesspath, "%s/node%u/access1/initiators", path, node->os_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3485:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(accesspath, "%s/node%u/access0/initiators", path, node->os_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3525:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(accessdirpath, "%s/node%u/access1/initiators", path, node->os_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3527:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(accessdirpath, "%s/node%u/access0/initiators", path, node->os_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3535:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(accesspath, "%s/read_bandwidth", accessdirpath);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3540:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(accesspath, "%s/read_latency", accessdirpath);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3546:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(accesspath, "%s/write_bandwidth", accessdirpath);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3549:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(accesspath, "%s/write_latency", accessdirpath);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3572:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(mscpath, "%s/node%u/memory_side_cache", path, osnode);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3589:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mscpath, "%s/node%u/memory_side_cache/index%u/size", path, osnode, depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3593:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mscpath, "%s/node%u/memory_side_cache/index%u/line_size", path, osnode, depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3597:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mscpath, "%s/node%u/memory_side_cache/index%u/indexing", path, osnode, depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3833:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(nodepath, "%s/node%u/cpumap", path, osnode);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4214:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(str, "%s/cpu%lu/online", path, cpu);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4224:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%lu/topology", path, cpu);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4254:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(str, "%s/cpu%d/topology/thread_siblings", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4256:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(str, "%s/cpu%d/topology/core_cpus", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4267:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/topology/core_id", path, i); /* contains %d at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4276:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%u/topology/core_id", path, siblingid); /* contains %d at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4289:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%s/cpu%d/topology/core_id", path, i); /* contains %d at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4312:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%d/topology/die_cpus", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4335:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(str, "%s/cpu%d/topology/core_siblings", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4337:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(str, "%s/cpu%d/topology/package_cpus", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4351:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/topology/physical_package_id", path, i); /* contains %d at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4378:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%d/topology/die_id", path, i); /* contains %d when added in 5.2 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4393:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%d/topology/book_siblings", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4401:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/topology/book_id", path, i); /* contains %d at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4418:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(str, "%s/cpu%d/topology/drawer_siblings", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4426:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%s/cpu%d/topology/drawer_id", path, i); /* contains %d at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4463:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%d/cpufreq/cpuinfo_max_freq", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4468:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%d/cpufreq/base_frequency", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4479:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "%s/cpu%d/cache/index%d/shared_cpu_map", path, i, j);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4486:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%s/cpu%d/topology/thread_siblings", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4488:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(str, "%s/cpu%d/topology/core_cpus", path, i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4508:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/cache/index%d/level", path, i, j); /* contains %u at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4515:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/cache/index%d/type", path, i, j);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4537:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/cache/index%d/size", path, i, j); /* contains %uK at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4549:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/cache/index%d/coherency_line_size", path, i, j); /* contains %u at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4557:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/cache/index%d/number_of_sets", path, i, j); /* contains %u at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4561:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(str, "%s/cpu%d/cache/index%d/physical_line_partition", path, i, j); /* contains %u at least up to 4.19 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4604:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(str, "/sys/devices/system/cpu/types/%s/cpumap", dirent->d_name);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1651:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(path, "%s/hwloc-cpuid-info", src_cpuiddump_path);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:730:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(fakename, encoded ? "base64%c%s" : "normal%c%s", name ? ':' : '-', name ? name : "anon");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2904:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      _len += sprintf(_tmp+_len, format " ", (type) (values)[_i+_j]); \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2925:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      _len += sprintf(_tmp+_len, "%s:%llu ", hwloc_obj_type_string((objs)[_i+_j]->type), (unsigned long long) (objs)[_i+_j]->gp_index); \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:233:74:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#warning No known way to discover number of available processors on this system
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/openfabrics-verbs.h:76:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(path, "/sys/class/infiniband/%s/device/local_cpus",
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rename.h:650:35:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define hwloc_snprintf HWLOC_NAME(snprintf)
data/hwloc-2.4.0~rc1+dfsg/include/netloc/uthash.h:289:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h:46:110:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static __hwloc_inline void hwloc_debug(const char *s __hwloc_attribute_unused, ...) __hwloc_attribute_format(printf, 1, 2);
data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h:57:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, s, ap);
data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h:60:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, s, ap);
data/hwloc-2.4.0~rc1+dfsg/include/private/misc.h:566:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf _snprintf
data/hwloc-2.4.0~rc1+dfsg/include/private/misc.h:566:22:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf _snprintf
data/hwloc-2.4.0~rc1+dfsg/include/private/private.h:453:24:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define hwloc_snprintf snprintf
data/hwloc-2.4.0~rc1+dfsg/include/private/private.h:455:101:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
extern int hwloc_snprintf(char *str, size_t size, const char *format, ...) __hwloc_attribute_format(printf, 3, 4);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_backends.c:25:3:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
  mktemp(name);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c:182:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  err = system(cmd);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:112:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "%s %u", pidcmd, (unsigned) proc->pid);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:113:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    file = popen(cmd, "r");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-bind.c:25:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define execvp(a,b) (int)_execvp((a), (const char * const *)(b))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-bind.c:606:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ret = execvp(argv[0], argv);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:483:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(path, PATH_SIZE-1, "%s/" KERNEL_SMBIOS_SYSFS, input_fsroot);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata.c:64:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(dirname, X_OK|W_OK)) {
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:21:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#define access _access
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:524:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(basedir, X_OK|W_OK) < 0) {
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:815:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DO(x,y) printf(#x ":" #y " = %u\n", (unsigned char) support->x->y);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-ascii.c:414:5:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
    swprintf(wbuf, len, L"%s", text);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1017:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(lud->text[lud->ntext++].text, sizeof(lud->text[0].text),
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1024:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(lud->text[lud->ntext++].text, sizeof(lud->text[0].text),
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1048:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(lud->text[lud->ntext++].text, sizeof(lud->text[0].text),
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1060:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	  snprintf(lud->text[lud->ntext++].text, sizeof(lud->text[0].text),
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:166:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(node->physical_id, "%s", id);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:254:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(path->physical_id, "%s", id_src);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:303:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(path_dest->physical_id, "%s", id_dest);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:809:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(edge->dest, dest_node->physical_id);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1080:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                            sprintf(route->physical_id, "%s", guid);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1100:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(route_dest->physical_id, "%s", dest_guid);
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:327:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  verboseenv = getenv("HWLOC_PLUGINS_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:330:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  hwloc_plugins_blacklist = getenv("HWLOC_PLUGINS_BLACKLIST");
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:336:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_PLUGINS_PATH");
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:451:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  verboseenv = getenv("HWLOC_COMPONENTS_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:707:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      char *env = getenv("HWLOC_ANNOTATE_GLOBAL_COMPONENTS");
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:758:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  _env = getenv("HWLOC_COMPONENTS");
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:1041:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  local_env = getenv("HWLOC_THISSYSTEM");
data/hwloc-2.4.0~rc1+dfsg/hwloc/cpukinds.c:460:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_CPUKINDS_RANKING");
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:40:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_GROUPING");
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:56:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("HWLOC_GROUPING_ACCURACY");
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:68:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("HWLOC_GROUPING_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:129:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_PCI_LOCALITY");
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:485:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv(envname);
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:232:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_CHECK"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-bgq.c:34:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("BG_THREADMODEL");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-bgq.c:278:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("HWLOC_FORCE_BGQ");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-fake.c:19:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_FAKE_COMPONENT_TWEAK")) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-fake.c:52:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_FAKE_COMPONENT"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-fake.c:78:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_FAKE_COMPONENT"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-fake.c:88:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_FAKE_COMPONENT"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2076:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  fsroot_path = getenv("HWLOC_FSROOT");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3282:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char * fallback_env = getenv("HWLOC_KNL_HDH_FALLBACK");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3284:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char * mscache_as_l3_env = getenv("HWLOC_KNL_MSCACHE_L3");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3798:41:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  int allow_overlapping_node_cpusets = (getenv("HWLOC_DEBUG_ALLOW_OVERLAPPING_NODE_CPUSETS") != NULL);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3869:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *env = getenv("HWLOC_KEEP_NVIDIA_GPU_NUMA_NODES");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3960:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *env = getenv("HWLOC_KNL_NUMA_QUIRK");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5035:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_DUMP_NOFILE_INFO");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5084:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_NO_HARDWIRED_TOPOLOGY"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6568:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("HWLOC_VIRTUAL_LINUX_OSDEV"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6648:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  fsroot_path = getenv("HWLOC_FSROOT");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6689:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  data->dumped_hwdata_dirname = getenv("HWLOC_DUMPED_HWDATA_DIR");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6696:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_USE_NUMA_DISTANCES");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-rsmi.c:287:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *env = getenv("HWLOC_RSMI_SHUTDOWN");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:444:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_PICL_HETEROGENEOUS");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris.c:488:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *env = getenv("HWLOC_USE_NUMA_DISTANCES");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:440:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *env = getenv("HWLOC_SYNTHETIC_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1042:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("HWLOC_SYNTHETIC");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1454:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *env = getenv("HWLOC_SYNTHETIC_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-windows.c:243:16:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    kernel32 = LoadLibrary("kernel32.dll");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-windows.c:277:23:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
      HMODULE psapi = LoadLibrary("psapi.dll");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1564:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_X86_TOPOEXT_NUMANODES")) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1744:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  src_cpuiddump_path = getenv("HWLOC_CPUID_PATH");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-libxml.c:38:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("HWLOC_LIBXML_CLEANUP"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:24:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("HWLOC_XML_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:38:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("HWLOC_LIBXML");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:42:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      env = getenv("HWLOC_LIBXML_IMPORT");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:57:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("HWLOC_LIBXML");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:61:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      env = getenv("HWLOC_LIBXML_EXPORT");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1999:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_XML_V1DIST_SCALE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3218:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("HWLOC_XML_EXPORT_SUPPORT");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3620:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("HWLOC_XMLFILE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:70:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *envvar = getenv("HWLOC_HIDE_ERRORS");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1067:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_CHECK"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1947:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_CHECK"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1985:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_CHECK"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3341:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  || ((env = getenv("HWLOC_THISSYSTEM_ALLOWED_RESOURCES")) != NULL && atoi(env)))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3443:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_SORT_CHILDREN"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3492:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      && !getenv("HWLOC_DONT_ADD_VERSION_INFO")) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3890:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_XML_USERDATA_NOT_DECODED"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3894:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_COMPONENTS")) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3903:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *fsroot_path_env = getenv("HWLOC_FSROOT");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3911:36:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *cpuid_path_env = getenv("HWLOC_CPUID_PATH");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3919:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *synthetic_env = getenv("HWLOC_SYNTHETIC");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3927:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *xmlpath_env = getenv("HWLOC_XMLFILE");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3939:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("HWLOC_ALLOW");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3965:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_CHECK"))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:4276:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HWLOC_DEBUG_CHECK"))
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/plugins.h:439:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *verboseenv = getenv("HWLOC_PLUGINS_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h:35:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("HWLOC_DEBUG_VERBOSE");
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:108:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *filename = getenv("NETLOC_CURRENTSLOTS");
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:767:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *partition_name = getenv("NETLOC_PARTITION");
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:768:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *topopath = getenv("NETLOC_TOPOFILE");
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_get_last_cpu_location.c:89:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    && getenv("HWLOC_TEST_DONTCHECK_PROC_CPULOCATION") == NULL;
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_topology_abi.c:37:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_IGNORE_TOPOLOGY_ABI")) {
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/windows/windows.h:113:18:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
WINAPI HINSTANCE LoadLibrary(LPCSTR);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-annotate.c:315:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:317:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:319:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_SYNTHETIC_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-diff.c:38:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-distrib.c:66:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-distrib.c:68:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_SYNTHETIC_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata.c:74:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    input_fsroot = getenv("HWLOC_FSROOT");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:493:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_COMPONENTS"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:515:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:517:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_SYNTHETIC_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-patch.c:81:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:257:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("HWLOC_COMPONENTS");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:282:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("HWLOC_COMPONENTS");
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-tikz.c:26:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *font_request = getenv(TIKZ_FONTFAMILY_ENV);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:693:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  int measure_load_time = !!getenv("HWLOC_DEBUG_LOAD_TIME");
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:760:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("LSTOPO_TEXT_XSCALE");
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:784:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_XML_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:786:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HWLOC_SYNTHETIC_VERBOSE"))
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1315:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("DISPLAY")) {
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1427:24:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
      char *fullpath = realpath(input, NULL);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:520:15:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
        char *realpath;
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:522:23:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            asprintf(&realpath, "%s/%s", outpath, hwlocpath);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:527:33:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
        DIR *hwlocdir = opendir(realpath);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:529:72:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            fprintf(stderr, "Couldn't open hwloc directory: \"%s\"\n", realpath);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:533:18:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            free(realpath);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:536:14:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
        free(realpath);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:168:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *topopath = getenv("NETLOC_TOPOFILE");
data/hwloc-2.4.0~rc1+dfsg/contrib/misc/hwloc-tweak-osindex.c:108:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  old_index = atoi(argv[4]);
data/hwloc-2.4.0~rc1+dfsg/contrib/misc/hwloc-tweak-osindex.c:109:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  new_index = atoi(argv[5]);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/cpuset+bitmap+cpubind.c:26:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[64];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c:47:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        devid = atoi(obj->name + 4);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c:61:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          int mp = atoi(s);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c:64:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int mp_cores = atoi(s);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c:73:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        platformid = atoi(obj->name + 6);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c:76:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        devid = atoi(dev + 1);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/gpu.c:98:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[16];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/hwloc-hello-cpp.cpp:23:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[32], attr[1024];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/hwloc-hello-cpp.cpp:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[128];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/hwloc-hello.c:23:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[32], attr[1024];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/hwloc-hello.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[128];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/sharedcaches.c:27:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    hispid = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/doc/examples/sharedcaches.c:88:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char type[64];
data/hwloc-2.4.0~rc1+dfsg/doc/examples/sharedcaches.c:89:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char attr[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/base64.c:137:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char input[3];
data/hwloc-2.4.0~rc1+dfsg/hwloc/base64.c:138:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char output[4];
data/hwloc-2.4.0~rc1+dfsg/hwloc/bitmap.c:219:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->ulongs, old->ulongs, new->ulongs_count * sizeof(unsigned long));
data/hwloc-2.4.0~rc1+dfsg/hwloc/bitmap.c:240:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst->ulongs, src->ulongs, src->ulongs_count * sizeof(unsigned long));
data/hwloc-2.4.0~rc1+dfsg/hwloc/bitmap.c:667:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ustr[17];
data/hwloc-2.4.0~rc1+dfsg/hwloc/bitmap.c:675:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ustr, current, tmpchars);
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:328:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  hwloc_plugins_verbose = verboseenv ? atoi(verboseenv) : 0;
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:452:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  hwloc_components_verbose = verboseenv ? atoi(verboseenv) : 0;
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:708:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (env && atoi(env))
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:1043:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    topology->is_thissystem = atoi(local_env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/cpukinds.c:50:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(kinds, old->cpukinds, old->nr_cpukinds * sizeof(*kinds));
data/hwloc-2.4.0~rc1+dfsg/hwloc/cpukinds.c:312:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        summary->summaries[i].max_freq = atoi(info->value);
data/hwloc-2.4.0~rc1+dfsg/hwloc/cpukinds.c:314:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        summary->summaries[i].base_freq = atoi(info->value);
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:41:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (env && !atoi(env))
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:70:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      topology->grouping_verbose = atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newdist->different_types, olddist->different_types, nbobjs * sizeof(*newdist->different_types));
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newdist->indexes, olddist->indexes, nbobjs * sizeof(*newdist->indexes));
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:141:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newdist->values, olddist->values, nbobjs*nbobjs * sizeof(*newdist->values));
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:507:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(_objs, objs, nbobjs*sizeof(hwloc_obj_t));
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:508:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(_values, values, nbobjs*nbobjs*sizeof(*_values));
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:699:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(distances->objs, dist->objs, nbobjs * sizeof(hwloc_obj_t));
data/hwloc-2.4.0~rc1+dfsg/hwloc/distances.c:704:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(distances->values, dist->values, nbobjs*nbobjs*sizeof(*distances->values));
data/hwloc-2.4.0~rc1+dfsg/hwloc/dolib.c:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[1024];
data/hwloc-2.4.0~rc1+dfsg/hwloc/dolib.c:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[16];
data/hwloc-2.4.0~rc1+dfsg/hwloc/memattrs.c:135:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(imattrs, old->memattrs, old->nr_memattrs * sizeof(*imattrs));
data/hwloc-2.4.0~rc1+dfsg/hwloc/memattrs.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nimattr->targets, oimattr->targets, oimattr->nr_targets * sizeof(*nimattr->targets));
data/hwloc-2.4.0~rc1+dfsg/hwloc/memattrs.c:179:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(nimtg->initiators, oimtg->initiators, oimtg->nr_initiators * sizeof(*nimtg->initiators));
data/hwloc-2.4.0~rc1+dfsg/hwloc/memattrs.c:457:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&imtg->initiators[l], &imtg->initiators[k], sizeof(*imtg->initiators));
data/hwloc-2.4.0~rc1+dfsg/hwloc/memattrs.c:479:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&imattr->targets[k], &imattr->targets[j], sizeof(*imattr->targets));
data/hwloc-2.4.0~rc1+dfsg/hwloc/misc.c:74:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(str, fakestr, size-1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/misc.c:118:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256], *local_basename;
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:21:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open _open
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:135:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(env, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char busid[14];
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:481:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char envname[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:764:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char seen[256] = { 0 };
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:800:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&linksta, &config[offset + HWLOC_PCI_EXP_LNKSTA], 4);
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:208:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new, old, sizeof(*old));
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.discovery, old->support.discovery, sizeof(*new->support.discovery));
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:223:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.cpubind, old->support.cpubind, sizeof(*new->support.cpubind));
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.membind, old->support.membind, sizeof(*new->support.membind));
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:225:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.misc, old->support.misc, sizeof(*new->support.misc));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-bgq.c:35:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!env || atoi(env) != 2) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-bgq.c:279:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!env || !atoi(env)) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-cuda.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cuda_name[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-cuda.c:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-darwin.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpumodel[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-darwin.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpuvendor[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-darwin.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpufamilynumber[20], cpumodelnumber[20], cpustepping[20];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-darwin.c:248:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cacheconfig32, cacheconfig, size);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-freebsd.c:372:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nb[12];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-freebsd.c:397:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(nb, "%d:", i);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-freebsd.c:401:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int tmp = atoi(ptr);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-gl.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char displayName[12];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-gl.c:73:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char name[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:449:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return open(p, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:459:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return fopen(p, m);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:538:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[11];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:541:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *value = atoi(string);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:548:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[11];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:558:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[22];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:1059:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    tids[nr_tids++] = atoi(dirent->d_name);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:1075:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char taskdir_path[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:1479:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:1480:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2082:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    root_fd = open(fsroot_path, O_RDONLY | O_DIRECTORY);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2218:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ctrls[1024]; /* there are about ten controllers with 10-char names */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2219:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ctrlpath[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpuset_name[CPUSET_NAME_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[CGROUP_LINE_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpuset_filename[CPUSET_FILENAME_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2429:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2430:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2512:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2513:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char meminfopath[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2572:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char distancepath[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2614:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dmi_line[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2632:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2636:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(path, "/sys/devices/virtual/dmi/id");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2641:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(path, "/sys/class/dmi/id");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2678:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char memory_mode[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2679:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cluster_mode[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2937:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[512] = {0};
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2985:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hwdata->cluster_mode, data_beg, length);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2994:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hwdata->memory_mode, data_beg, length);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3059:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(hwdata->cluster_mode, "Quadrant");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3061:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(hwdata->memory_mode, "Cache");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3075:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->cluster_mode, "SNC2");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3077:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->memory_mode, "Cache");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3086:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->cluster_mode, "Quadrant");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3089:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(hwdata->memory_mode, "Hybrid25");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3091:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(hwdata->memory_mode, "Hybrid50");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3093:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(hwdata->memory_mode, "Flat");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3115:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->cluster_mode, "SNC2");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3118:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(hwdata->memory_mode, "Hybrid25");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3120:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(hwdata->memory_mode, "Hybrid50");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3122:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(hwdata->memory_mode, "Flat");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3137:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->cluster_mode, "SNC4");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3139:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->memory_mode, "Cache");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3148:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(hwdata->cluster_mode, "SNC4");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3151:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->memory_mode, "Hybrid25");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3153:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->memory_mode, "Hybrid50");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3155:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hwdata->memory_mode, "Flat");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3283:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int fallback = fallback_env ? atoi(fallback_env) : -1; /* by default, only fallback if needed */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3285:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int mscache_as_l3 = mscache_as_l3_env ? atoi(mscache_as_l3_env) : 1; /* L3 by default, for backward compat */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3474:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char accesspath[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3516:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char accessdirpath[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3517:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char accesspath[SYSFS_NUMA_NODE_PATH_LEN+15];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3568:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mscpath[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3587:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    depth = atoi(dirent->d_name+5);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nodepath[SYSFS_NUMA_NODE_PATH_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3870:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int keep = env && atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3872:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char nvgpunumapath[300], line[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3883:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		nvgpu_node = atoi(value);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3890:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		      char nvgpulocalcpuspath[300];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3917:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char daxpath[300];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:3961:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int noquirk = (env && !atoi(env));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[11];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[CPU_TOPOLOGY_STR_LEN];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4197:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char online[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4216:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if (!atoi(online)) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4476:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char str2[20]; /* enough for a level number (one digit) or a type (Data/Instruction/Unified) */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4818:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[128]; /* vendor/model can be very long */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4972:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[128]; /* enough for utsname fields */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5021:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	data->fallback_nbprocessors = atoi(line+22);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5037:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(env, "w");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5366:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5396:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5416:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char olddevpath[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5528:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[296]; /* osdevpath <= 256 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vendor[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5531:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char serial[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5533:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char revision[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5534:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char blocktype[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5573:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(blocktype, "NVDIMM"); /* Save the blocktype now since udev reports "" so far */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5664:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(vendor, "Western Digital");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5666:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(vendor, "Seagate");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5668:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(vendor, "Samsung");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5670:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(vendor, "SanDisk");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5672:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(vendor, "Toshiba");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5761:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char path[300];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5762:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char driver[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5800:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5831:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[296]; /* osdevpath <= 256 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5832:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char address[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5843:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hexid[16];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5856:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char portstr[21];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5905:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[296]; /* osdevpath <= 256 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5906:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char guidvalue[20];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char statevalue[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lidvalue[11];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5928:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gidvalue[40];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5932:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char statename[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5943:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lidname[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5953:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lidname[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5964:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char gidname[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5994:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6035:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6090:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[256];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6115:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char handle[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6116:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char phy_mem_handle[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6117:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char mem_err_handle[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6118:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tot_width[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6119:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dat_width[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6120:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char size[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6126:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char type_detail[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6127:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char speed[2];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256]; /* enough for memory device strings, or at least for each of them */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6261:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6321:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char config_space_cache[CONFIG_SPACE_CACHESIZE+1]; /* one more byte for the ending \0 in hwloc_read_path_by_length() */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[16];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6456:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	width = atoi(value);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6481:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char path[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6482:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6656:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    root = open(fsroot_path, O_RDONLY | O_DIRECTORY);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6698:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned val = atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-nvml.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-opencl.c:107:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:191:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char config_space_cache[CONFIG_SPACE_CACHESIZE];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:272:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char path[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:273:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[16];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:279:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      file = fopen(path, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:290:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      file = fopen(path, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:329:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char path[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:330:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[16];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:337:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      file = fopen(path, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:346:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      file = fopen(path, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-pci.c:351:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  width = atoi(value);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-rsmi.c:99:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%lx", id);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-rsmi.c:139:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%lx", hive_id);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-rsmi.c:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-rsmi.c:255:29:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          xgmi_peers_ptr += sprintf(xgmi_peers_ptr, "rsmi%u ", j);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:153:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dss_chip_type[PICL_PROPNAMELEN_MAX+1];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:154:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dss_chip_model[PICL_PROPNAMELEN_MAX+1];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:320:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char            string_val[PICL_PROPNAMELEN_MAX];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:361:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char            string_val[PICL_PROPNAMELEN_MAX+1];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:445:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (env && atoi(env))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:504:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(info, &chip_info, sizeof(*info));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris.c:489:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int need_distances = env && atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris.c:544:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char architecture[6] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:445:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    verbose = atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1213:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cachesize[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char memsize[64] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1279:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char aritys[12] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char types[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-synthetic.c:1457:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    verbose = atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-windows.c:846:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char versionstr[20];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-windows.c:847:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hostname[122] = "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[128];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:89:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(filename, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:216:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpuvendor[13];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpumodel[3*4*4+1];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:649:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(infos->cpuvendor, regs+1, 4*3);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:657:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(infos->cpumodel, regs, 4*4);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(infos->cpumodel + 4*4, regs, 4*4);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:663:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(infos->cpumodel + 4*4*2, regs, 4*4);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:834:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char number[12];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1642:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line [32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1652:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(path, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:358:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(xmlpath, "r");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:418:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nbdata->buffer, xmlbuffer, xmlbuflen);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:456:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, xmlbuffer, xmlbuflen);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:560:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, sublen);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:567:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '\n': strcpy(dst, "&#10;");  replen=5; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:568:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '\r': strcpy(dst, "&#13;");  replen=5; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:569:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '\t': strcpy(dst, "&#9;");   replen=4; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:570:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '\"': strcpy(dst, "&quot;"); replen=6; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:571:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '<':  strcpy(dst, "&lt;");   replen=4; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:572:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '>':  strcpy(dst, "&gt;");   replen=4; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:573:16:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    case '&':  strcpy(dst, "&amp;");  replen=5; break;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:579:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, sublen);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:754:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename, "w");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:854:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename, "w");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:26:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      verbose = atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:40:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nolibxml = !atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:44:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nolibxml = !atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:59:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nolibxml = !atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:63:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nolibxml = !atoi(env);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:179:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int lvalue = atoi(value);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:773:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *c1, *cc1, t1[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1272:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      value = atoi(attrvalue);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1440:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    length = atoi(attrvalue);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1786:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      forced_efficiency = atoi(attrvalue);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1883:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    switch (atoi(type_s)) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1908:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      obj_attr_type = atoi(obj_attr_type_s);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1921:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      diff->obj_attr.obj_depth = atoi(obj_depth_s);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1922:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      diff->obj_attr.obj_index = atoi(obj_index_s);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:1997:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char scalestring[20];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2033:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(scalestring, "%f", scale);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[255];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2405:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%u", obj->os_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2485:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%llu", (unsigned long long) obj->gp_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2507:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%llu", (unsigned long long) obj->attr->numanode.local_memory);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2513:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%llu", (unsigned long long) obj->attr->numanode.page_types[i].size);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2515:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%llu", (unsigned long long) obj->attr->numanode.page_types[i].count);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2529:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%llu", (unsigned long long) obj->attr->cache.size);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2531:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%u", obj->attr->cache.depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2533:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%u", (unsigned) obj->attr->cache.linesize);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2535:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%d", obj->attr->cache.associativity);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2537:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%d", (int) obj->attr->cache.type);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2542:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%u", obj->attr->group.depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2547:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%u", obj->attr->group.kind);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2549:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%u", obj->attr->group.subkind);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2556:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%d-%d", (int) obj->attr->bridge.upstream_type, (int) obj->attr->bridge.downstream_type);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2558:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%u", obj->attr->bridge.depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2561:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%04x:[%02x-%02x]",
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2571:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%04x:%02x:%02x.%01x",
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2577:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%04x [%04x:%04x] [%04x:%04x] %02x",
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2583:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%f", obj->attr->pcidev.linkspeed);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2587:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%d", (int) obj->attr->osdev.type);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2683:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%u", nbobjs);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2685:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%d", depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2687:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%f", 1.f);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2695:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(tmp, "%f", (float) dist->values[k]);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2895:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _tmp[255]; /* enough for (snprintf(format)+space) x maxperline */ \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2896:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _tmp2[16]; \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2906:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(_tmp2, "%lu", (unsigned long) _len); \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _tmp[255]; /* enough for (snprintf(type+index)+space) x maxperline */ \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _tmp2[16]; \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2927:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(_tmp2, "%lu", (unsigned long) _len); \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2937:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[255];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2948:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%u", nbobjs);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2950:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%lu", dist->kind);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2987:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[11];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3002:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(tmp, "%u", topology->support._cat->_name); \
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3060:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[255];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[255];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3151:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tmp[11];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3219:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!env || atoi(env))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[255];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3235:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%d", (int) diff->generic.type);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3240:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%d", diff->obj_attr.obj_depth);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3242:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%u", diff->obj_attr.obj_index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3245:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(tmp, "%d", (int) diff->obj_attr.diff.generic.type);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3250:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%llu", (unsigned long long) diff->obj_attr.diff.uint64.index);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3252:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%llu", (unsigned long long) diff->obj_attr.diff.uint64.oldvalue);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3254:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "%llu", (unsigned long long) diff->obj_attr.diff.uint64.newvalue);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3483:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[255];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3487:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%lu", (unsigned long) length);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:72:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      hide = atoi(envvar);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char typestr[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newstr[512];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldstr[512];
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[64], idx[12], attr[1024], *cpuset = NULL;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:586:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(old, new, sizeof(*old));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:841:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newobj->attr, src->attr, sizeof(*newobj->attr));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:846:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newobj->attr->numanode.page_types, src->attr->numanode.page_types, len);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1001:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->type_filter, old->type_filter, sizeof(old->type_filter));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1007:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&new->binding_hooks, &old->binding_hooks, sizeof(old->binding_hooks));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1009:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.discovery, old->support.discovery, sizeof(*old->support.discovery));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1010:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.cpubind, old->support.cpubind, sizeof(*old->support.cpubind));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1011:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.membind, old->support.membind, sizeof(*old->support.membind));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:1012:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new->support.misc, old->support.misc, sizeof(*old->support.misc));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:2631:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(array, root->children, arity * sizeof(*array));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:2968:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(objs, topology->levels[0][0]->children, n_objs*sizeof(objs[0]));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3030:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(&new_objs[n_new_objs], objs[i]->children, objs[i]->arity * sizeof(new_objs[0]));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3341:72:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  || ((env = getenv("HWLOC_THISSYSTEM_ALLOWED_RESOURCES")) != NULL && atoi(env)))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology.c:3360:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&node->attr->numanode, &topology->machine_memory, sizeof(topology->machine_memory));
data/hwloc-2.4.0~rc1+dfsg/hwloc/traversal.c:617:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char assoc[32];
data/hwloc-2.4.0~rc1+dfsg/hwloc/traversal.c:638:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char up[128], down[64];
data/hwloc-2.4.0~rc1+dfsg/hwloc/traversal.c:641:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char linkspeed[64]= "";
data/hwloc-2.4.0~rc1+dfsg/hwloc/traversal.c:661:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char linkspeed[64]= "";
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cuda.h:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[HWLOC_CUDA_DEVICE_SYSFS_PATH_MAX];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cuda.h:109:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", domainid, busid, deviceid);
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cuda.h:206:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    && atoi(osdev->name + 4) == (int) idx)
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cudart.h:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[HWLOC_CUDART_DEVICE_SYSFS_PATH_MAX];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cudart.h:106:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", (unsigned) domain, (unsigned) bus, (unsigned) dev);
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/cudart.h:163:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    && atoi(osdev->name + 4) == (int) idx)
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/deprecated.h:88:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(typeattrp, &attr.cache.type, sizeof(hwloc_obj_cache_type_t));
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/nvml.h:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[HWLOC_NVML_DEVICE_SYSFS_PATH_MAX];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/nvml.h:77:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", pci.domain, pci.bus, pci.device);
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/nvml.h:109:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    && atoi(osdev->name + 4) == (int) idx)
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/nvml.h:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid[64];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/opencl.h:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[HWLOC_OPENCL_DEVICE_SYSFS_PATH_MAX];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/opencl.h:150:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/local_cpus", pcidomain, pcibus, pcidev, pcifunc);
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/openfabrics-verbs.h:69:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[HWLOC_OPENFABRICS_VERBS_SYSFS_PATH_MAX];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/plugins.h:440:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      verboseenv_value = verboseenv ? atoi(verboseenv) : 0;
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rsmi.h:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[HWLOC_RSMI_DEVICE_SYSFS_PATH_MAX];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rsmi.h:85:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", domain, bus, device);
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rsmi.h:118:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      && atoi(osdev->name + 4) == (int) dv_ind)
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rsmi.h:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char uuid[64];
data/hwloc-2.4.0~rc1+dfsg/include/hwloc/rsmi.h:167:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(uuid, "%lx", id);
data/hwloc-2.4.0~rc1+dfsg/include/netloc/utarray.h:102:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  else { memcpy(_utarray_eltptr(a,(a)->i++), p, (a)->icd.sz); };              \
data/hwloc-2.4.0~rc1+dfsg/include/netloc/utarray.h:130:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  else { memcpy(_utarray_eltptr(a,j), p, (a)->icd.sz); };                     \
data/hwloc-2.4.0~rc1+dfsg/include/netloc/utarray.h:149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_utarray_eltptr(a,j), _utarray_eltptr(w,0),                        \
data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h:37:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      enabled = atoi(env);
data/hwloc-2.4.0~rc1+dfsg/include/private/debug.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/hwloc-2.4.0~rc1+dfsg/include/private/netloc.h:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char physical_id[20];
data/hwloc-2.4.0~rc1+dfsg/include/private/netloc.h:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest_id[20];
data/hwloc-2.4.0~rc1+dfsg/include/private/private.h:524:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, src, len+1);
data/hwloc-2.4.0~rc1+dfsg/include/private/xml.h:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[32];
data/hwloc-2.4.0~rc1+dfsg/include/private/xml.h:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[40];
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[1024];
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:121:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename, "r");
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:137:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    nodes = (char **)malloc(sizeof(char *[num_nodes]));
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:137:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    nodes = (char **)malloc(sizeof(char *[num_nodes]));
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:498:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_tree->degrees, main->degrees,
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:500:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_tree->degrees+main->num_levels, sub->degrees,
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:507:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_tree->cost+main->num_levels, sub->cost,
data/hwloc-2.4.0~rc1+dfsg/netloc/hwloc.c:95:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (!(fxml = fopen(hwloc_file, "r"))) {
data/hwloc-2.4.0~rc1+dfsg/netloc/mpicomm.c:22:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *input = fopen(filename, "r");
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:38:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *input = fopen(path, "r");
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:156:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        node->logical_id = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:157:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        node->type = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:201:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int num_links = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:209:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                link->id = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:214:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                link->ports[0] = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:215:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                link->ports[1] = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:221:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                link->other_way_id = atoi(line_get_next_field(&remain_line));
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:264:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int link_id = atoi(field);
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:378:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int partition_num = atoi(partition);
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:579:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(id, "virtual%d", virtual_id++);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/cuda.c:62:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    assert(atoi(osdev->name+4) == (int) i);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/cudart.c:47:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    assert(atoi(osdev->name+4) == (int) i);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_backends.c:23:19:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
static inline int mkstemp(char *name)
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_backends.c:26:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return open(name, O_RDWR|O_CREAT, S_IRWXU);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_backends.c:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char env[64];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_backends.c:84:15:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
  xmlfilefd = mkstemp(xmlfile);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[32];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:42:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%016llx", (unsigned long long) (uintptr_t) obj->userdata);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:53:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "EncodedShort%u", i);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:58:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "EncodedLong%u", i);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[17];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:75:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp, buffer, 16);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:98:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned i = atoi(name+12);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_object_userdata.c:105:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned i = atoi(name+11);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_synthetic.c:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/hwloc_type_sscanf.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[64];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/nvml.c:61:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    assert(atoi(osdev->name+4) == (int) i);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/cuda/cuda_runtime_api.h:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/kstat.h:17:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ks_module[KSTAT_STRLEN];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/kstat.h:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ks_name[KSTAT_STRLEN];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/kstat.h:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c[16];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/ports/include/solaris/picl.h:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[PICL_PROPNAMELEN_MAX];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/rsmi.c:58:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    assert(atoi(osdev->name+4) == (int) i);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[512];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c:141:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(tmpname);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c:223:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(argv[1], O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c:232:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    synthetic_with_distances = atoi(argv[5]);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/xmlbuffer.c:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[129];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/xmlbuffer.c:20:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char t[10];
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/xmlbuffer.c:52:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copy1, buf1, size1);
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/xmlbuffer.c:98:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (atoi(argv[1])) {
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/xmlbuffer.c:106:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (atoi(argv[2])) {
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:49:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(path, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comm[16] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:67:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:79:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char stats[32];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:83:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open(path, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:131:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:133:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char status[1024];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:194:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	      commfd = open(path2, O_RDWR);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.h:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[1024];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.h:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.h:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[HWLOC_PS_TIDNAME_MAX];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-annotate.c:196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-annotate.c:200:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(distancesfilename, "r");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-annotate.c:441:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          ckefficiency = atoi(argv[2]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-annotate.c:442:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          ckflags = atoi(argv[3]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-bind.c:149:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      no_smt = atoi(argv[0] + 9);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-bind.c:238:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pid_number = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-bind.c:248:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        tid_number = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[256];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[32];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:162:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:231:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:366:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cpukind_index = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:452:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	no_smt = atoi(argv[0] + 9);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:151:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char typestring[20+1]; /* large enough to store all type names, even with a depth attribute */
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[65];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:219:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(string, _string, len);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-distrib.c:191:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    n = atol(argv[0]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:153:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(file, "rb");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_SIZE];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:218:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file_buf[SMBIOS_FILE_BUF_SIZE];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_SIZE];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file_buf[SMBIOS_FILE_BUF_SIZE];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:438:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(out_file, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_SIZE];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:514:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tab[16] = {0};
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:67:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    output = fopen(path, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:472:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      idx = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:548:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:276:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char *inits, _inits[256];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:280:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char types[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:309:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefix[32];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:310:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char objs[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parents[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parents[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:357:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char childs[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:376:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char childs[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:392:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char childs[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:455:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char nodestr[128];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-info.c:685:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pid_number = atoi(argv[1]); opt = 1;
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:85:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:275:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char req[JSON_REQLENMAX+1];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:310:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  only_pid = atoi(current+4);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:408:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	only_uid = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:430:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      json_port = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _types[64];
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:630:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  id = atoi(str);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-cairo.c:330:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dpi = atoi(value.addr);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char typestr[32];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:721:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char indexstr[32]= "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:722:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char index2str[32] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:723:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char attrstr[256];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char totmemstr[64] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:985:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char busid[32];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:986:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char _text[64];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1199:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char text[4];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1237:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lud->text[0].text, "%ux total", level->parent->arity);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[122] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-shmem.c:96:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(filename, O_RDWR|O_TRUNC|O_CREAT, S_IRUSR|S_IWUSR);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-shmem.c:147:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(input, O_RDONLY);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:26:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char id[128] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char class[128] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char complement[12] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dash[32] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char id[128] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char class[128] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char complement[12] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char id[128] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char class[128] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char complement[12] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-svg.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[64];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pidxstr[16];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lidxstr[32];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char busidstr[32];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:38:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pidxstr, "P#[collapsed]"); /* shouldn't be used, os_index should be -1 except if importing old XMLs */
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[64], *attr, phys[32] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:270:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char objtype[16];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char objtype[16];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-text.c:500:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sbuffer[1024];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-tikz.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char linestyle[64] = "solid";
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-tikz.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dashsize[20], *comma = NULL;
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:79:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return fopen(filename, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:115:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char style[19];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[100];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char task_name[150];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1006:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  min = atoi(sep1+1);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1010:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    first = atoi(sep2+1);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1013:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      last = atoi(sep3+1);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1193:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	loutput.fontsize = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1199:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	loutput.gridsize = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1205:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	loutput.linespacing = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1211:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	loutput.thickness = atoi(argv[1]);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.c:1250:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	loutput.pid_number = atoi(argv[1]); opt = 1;
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.h:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char legend_default_lines[LSTOPO_LEGEND_DEFAULT_LINES][128];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.h:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char title[256];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.h:210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[128];
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo.h:267:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char domain[10] = "";
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:88:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    contents->strings = (char **)malloc(sizeof(char *[allocated]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:88:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    contents->strings = (char **)malloc(sizeof(char *[allocated]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:100:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                realloc(contents->strings, sizeof(char *[2*contents->allocated]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:106:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            contents->strings = (char **) malloc(sizeof(char *[1]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:106:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            contents->strings = (char **) malloc(sizeof(char *[1]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:129:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                realloc(dest->strings, sizeof(char *[dest->allocated+size]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:133:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                realloc(dest->strings, sizeof(char *[size]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dest->strings[dest->num], src->strings, sizeof(char *[src->num]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:137:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    memcpy(&dest->strings[dest->num], src->strings, sizeof(char *[src->num]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:530:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    output = fopen(draw, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[20];             /* key */
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char physical_id[20];    /* key */
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char physical_id[20];    /* key */
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char physical_id[20];    /* key */
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char physical_id[20];    /* key */
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char physical_id[20];    /* key */
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:168:28:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        node->logical_id = atol(lid);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:234:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        x = atoi(width);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:678:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    discover_file = fopen(discover_path, "r");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:722:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *matches[max_nfields];
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:819:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            link->ports[0] =  atoi(src_port_id);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:820:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            link->ports[1] =  atoi(dest_port_id);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:839:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dest_link, link, sizeof(physical_link_t));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:901:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[20];
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:902:38:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    int max_length = num_partitions*(sprintf(tmp, "%d", num_partitions)+1)+1;
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:910:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            offset += sprintf(string+offset, "%d", p);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:921:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *output = fopen(output_path, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1036:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                FILE *route_file = fopen(route_filename, "r");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1064:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char *matches[5];
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1066:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char dest_guid[20];
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1069:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char guid[20];
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1071:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(guid, "%.4s:%.4s:%.4s:%.4s",
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1092:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        port = atoi(matches[2]);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1093:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(dest_guid, "%.4s:%.4s:%.4s:%.4s",
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:62:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        output = fopen(argv[1], "w");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:98:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            nodename = (char *)malloc(sizeof(char[size]));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:195:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((fxml = fopen(hwloc_file, "r"))) {
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:203:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if ((fxml = fopen(hwloc_file, "r"))) {
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_rank_file.c:40:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *rank_file = fopen(rank_filename, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/scotch/netlocscotch_get_arch.c:43:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *arch_file = fopen(arch_filename, "w");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/scotch/netlocscotch_get_arch.c:52:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *subarch_file = fopen(subarch_filename, "w");
data/hwloc-2.4.0~rc1+dfsg/hwloc/bind.c:592:7:  [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
  p = memalign(hwloc_getpagesize(), len);
data/hwloc-2.4.0~rc1+dfsg/hwloc/bitmap.c:658:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chars = (int)strlen(current);
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:223:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  componentsymbolname = malloc(strlen(basename)+10+1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:372:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      || strcspn(component->name, HWLOC_COMPONENT_SEPS) != strlen(component->name)) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/components.c:557:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(name);
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:22:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read _read
data/hwloc-2.4.0~rc1+dfsg/hwloc/pci-common.c:143:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  if (buffer && read(fd, buffer, st.st_size) == st.st_size) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/shmem.c:169:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  err = read(fd, &header, sizeof(header));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:525:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ret = read(fd, string, length-1); /* read -1 to put the ending \0 */
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:583:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ret = read(fd, buffer, toread+1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:611:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = read(fd, buffer+toread+1, toread);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2964:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strncmp("cache_size:", data_beg, strlen("cache_size"))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2967:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      } else if (!strncmp("line_size:", data_beg, strlen("line_size:"))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2970:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      } else if (!strncmp("inclusiveness:", data_beg, strlen("inclusiveness:"))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2973:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      } else if (!strncmp("associativity:", data_beg, strlen("associativity:"))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2979:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strncmp("cluster_mode: ", data_beg, strlen("cluster_mode: "))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2981:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data_beg += strlen("cluster_mode: ");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2988:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      } else if (!strncmp("memory_mode: ", data_beg, strlen("memory_mode: "))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:2990:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data_beg += strlen("memory_mode: ");
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4932:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      getc(fd);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:4996:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(data->utsname.sysname, line+8, sizeof(data->utsname.sysname));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5001:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(data->utsname.release, line+11, sizeof(data->utsname.release));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5006:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(data->utsname.version, line+11, sizeof(data->utsname.version));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5011:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(data->utsname.nodename, line+10, sizeof(data->utsname.nodename));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5016:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(data->utsname.machine, line+14, sizeof(data->utsname.machine));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5599:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(vendor, prop, sizeof(vendor));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5604:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(model, prop, sizeof(model));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5609:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(revision, prop, sizeof(revision));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5614:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(serial, prop, sizeof(serial));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5619:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(blocktype, prop, sizeof(blocktype));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5637:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(line, "E:ID_VENDOR=", strlen("E:ID_VENDOR="))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5638:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(vendor, line+strlen("E:ID_VENDOR="), sizeof(vendor));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5638:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncpy(vendor, line+strlen("E:ID_VENDOR="), sizeof(vendor));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5640:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(line, "E:ID_MODEL=", strlen("E:ID_MODEL="))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5641:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(model, line+strlen("E:ID_MODEL="), sizeof(model));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5641:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncpy(model, line+strlen("E:ID_MODEL="), sizeof(model));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5643:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(line, "E:ID_REVISION=", strlen("E:ID_REVISION="))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5644:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(revision, line+strlen("E:ID_REVISION="), sizeof(revision));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5644:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncpy(revision, line+strlen("E:ID_REVISION="), sizeof(revision));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5646:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(line, "E:ID_SERIAL_SHORT=", strlen("E:ID_SERIAL_SHORT="))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5647:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(serial, line+strlen("E:ID_SERIAL_SHORT="), sizeof(serial));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5647:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncpy(serial, line+strlen("E:ID_SERIAL_SHORT="), sizeof(serial));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5649:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(line, "E:ID_TYPE=", strlen("E:ID_TYPE="))) {
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5650:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(blocktype, line+strlen("E:ID_TYPE="), sizeof(blocktype));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:5650:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncpy(blocktype, line+strlen("E:ID_TYPE="), sizeof(blocktype));
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6143:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(buffer, " ") == strlen(buffer))
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-linux.c:6179:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      slen = strlen(buffer+boff);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:302:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(&dss_chip_type[0], string_val, PICL_PROPNAMELEN_MAX);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:305:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(&dss_chip_model[0], string_val, PICL_PROPNAMELEN_MAX);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-solaris-chiptype.c:467:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(dss_chip_model, sparc_modes[dss_chip_mode],
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:84:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filenamelen = strlen(dirpath) + 15;
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1648:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = malloc(strlen(src_cpuiddump_path) + strlen("/hwloc-cpuid-info") + 1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-x86.c:1648:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = malloc(strlen(src_cpuiddump_path) + strlen("/hwloc-cpuid-info") + 1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-libxml.c:162:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen((char *) child->content);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml-nolibxml.c:551:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fulllen = strlen(src);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:727:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      fakename = malloc(6 + 1 + (name ? strlen(name) : 4) + 1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:2372:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *new = malloc(strlen(old)+1);
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3508:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((name && hwloc__xml_export_check_buffer(name, strlen(name)) < 0)
data/hwloc-2.4.0~rc1+dfsg/hwloc/topology-xml.c:3558:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name && hwloc__xml_export_check_buffer(name, strlen(name)) < 0) {
data/hwloc-2.4.0~rc1+dfsg/include/netloc/uthash.h:265:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HASH_FIND(hh,head,findstr,(unsigned)strlen(findstr),out)
data/hwloc-2.4.0~rc1+dfsg/include/netloc/uthash.h:267:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HASH_ADD(hh,head,strfield[0],(unsigned int)strlen(add->strfield),add)
data/hwloc-2.4.0~rc1+dfsg/include/netloc/uthash.h:269:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HASH_REPLACE(hh,head,strfield[0],(unsigned)strlen(add->strfield),add,replaced)
data/hwloc-2.4.0~rc1+dfsg/include/private/private.h:521:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(src);
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:31:9:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (fscanf(f, " %1023s", w) != 1) { \
data/hwloc-2.4.0~rc1+dfsg/netloc/architecture.c:720:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        HASH_ADD_KEYPTR(hh, named_nodes, node->name, strlen(node->name), node);
data/hwloc-2.4.0~rc1+dfsg/netloc/hwloc.c:86:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            refname[strlen(refname)-4] = '\0';
data/hwloc-2.4.0~rc1+dfsg/netloc/mpicomm.c:42:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strlen(ptr))
data/hwloc-2.4.0~rc1+dfsg/netloc/mpicomm.c:62:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strlen(ptr))
data/hwloc-2.4.0~rc1+dfsg/netloc/support.c:54:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t lastpos = strlen(line)-1;
data/hwloc-2.4.0~rc1+dfsg/netloc/support.c:59:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read;
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:77:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strlen(line)) {
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:153:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(node->physical_id, line_get_next_field(&remain_line), 20);
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:163:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(node->hostname) > 0) {
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:165:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(node->hostname), node);
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:178:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(field) > 19)
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:260:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(path->dest_id, dest_id, 20); /* Should be shorter than 20 */
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:375:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(list))
data/hwloc-2.4.0~rc1+dfsg/netloc/topology.c:467:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (equal) {
data/hwloc-2.4.0~rc1+dfsg/tests/hwloc/shmem.c:51:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  err = read(fd, origxmlbuf, fileoffset);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:54:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  n = read(fd, proc->name, sizeof(proc->name) - 1);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:69:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      n = read(fd, comm, sizeof(comm) - 1);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:86:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	n = read(fd, stats, sizeof(stats) - 1);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:111:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmd = malloc(strlen(pidcmd)+1+5+2+1);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:135:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      (void) read(fd, &status, sizeof(status));
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/common-ps.c:196:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		n = read(commfd, proc->threads[i].name, sizeof(proc->threads[i].name));
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:355:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      char *equal;
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.c:361:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      if (equal) {
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:162:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(typestring, string, typelen);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:212:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(_string);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:730:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(tmp) != strspn(tmp, "0123456789abcdefABCDEF")) {
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-calc.h:747:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = next ? (size_t) (next-tmp) : strlen(tmp);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-dump-hwdata-knl.c:175:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(group_strings);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-gather-cpuid.c:533:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pathlen = strlen(basedir) + 20; /* for '/pu%u' or '/hwloc-cpuid-info' */
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/hwloc-ps.c:280:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ret = read(client_socket, req, sizeof(req)-1);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:121:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(argv[1]))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:184:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(input);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:197:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    childpath = malloc(strlen(input) + 10); /* enough for appending /sys, /proc or /pu0 */
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:199:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(childpath, strlen(input) + 10, "%s/pu0", input);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:206:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(childpath, strlen(input) + 10, "%s/proc", input);
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:274:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen("HWLOC_CPUID_PATH=")+strlen(input)+1;
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:274:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen("HWLOC_CPUID_PATH=")+strlen(input)+1;
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:407:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixmaxlen = topodepth-1 + strlen("depth xyz:  ");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:408:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sdepthmaxlen = strlen("Special depth -x:  ");
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:583:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strcmp(ptr, possible_flags[i].str_flag + strlen(possible_flags[i].str_flag) - strlen(ptr)))
data/hwloc-2.4.0~rc1+dfsg/utils/hwloc/misc.h:583:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strcmp(ptr, possible_flags[i].str_flag + strlen(possible_flags[i].str_flag) - strlen(ptr)))
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-ascii.c:412:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(text) + 1;
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1072:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      n = (unsigned)strlen(lud->text[i].text);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1238:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (unsigned)strlen(lud->text[0].text);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1440:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  (unsigned) strlen(loutput->legend_default_lines[ndl]),
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1455:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  (unsigned) strlen(loutput->legend_default_lines[ndl]),
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1478:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        n = (unsigned) strlen(date);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1490:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                (unsigned) strlen(loutput->legend_default_lines[ndl]),
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1502:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          textwidth = get_textwidth(loutput, root->infos[i].value, (unsigned) strlen(root->infos[i].value), fontsize);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-draw.c:1508:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        textwidth = get_textwidth(loutput, loutput->legend_append[i], (unsigned) strlen(loutput->legend_append[i]), fontsize);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-fig.c:102:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int)strlen(text);
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-shmem.c:151:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  err = read(fd, &header, sizeof(header));
data/hwloc-2.4.0~rc1+dfsg/utils/lstopo/lstopo-windows.c:442:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TextOut(ps->hdc, x - x_delta, y - y_delta, text, (int)strlen(text));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:267:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strndup(string+1, strlen(string)-2);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:269:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strndup(string, strlen(string));
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:520:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int basename_len = strlen(node_uri)-10;
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/draw/netloc_draw_to_json.c:526:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(basename, node_uri, basename_len);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:117:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(matches[i], line+current_match.rm_so, len);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:128:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int max_size = strlen(name);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:164:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t size = sizeof(*node)+sizeof(char)*(strlen(desc)+1);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:324:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    max_size = strlen(node->hostname);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:715:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int read;
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:909:27:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
                offset += sprintf(string+offset, ":");
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/infiniband/netloc_ib_extract_dats.c:1059:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                int read;
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:82:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            HASH_ADD_KEYPTR(hh, nodes, node->name, strlen(node->name), node);
data/hwloc-2.4.0~rc1+dfsg/utils/netloc/mpi/netloc_mpi_find_hosts.c:109:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                HASH_ADD_KEYPTR(hh, nodes, node->name, strlen(node->name), node);

ANALYSIS SUMMARY:

Hits = 900
Lines analyzed = 80705 in approximately 2.38 seconds (33848 lines/second)
Physical Source Lines of Code (SLOC) = 58220
Hits@level = [0] 1890 [1] 130 [2] 580 [3] 102 [4]  87 [5]   1
Hits@level+ = [0+] 2790 [1+] 900 [2+] 770 [3+] 190 [4+]  88 [5+]   1
Hits/KSLOC@level+ = [0+] 47.9217 [1+] 15.4586 [2+] 13.2257 [3+] 3.26348 [4+] 1.51151 [5+] 0.0171762
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.