Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/itsol-1.0.0/LIB/piluNEW.c
Examining data/itsol-1.0.0/LIB/ilutpC.c
Examining data/itsol-1.0.0/LIB/svdInvC.c
Examining data/itsol-1.0.0/LIB/setblks.c
Examining data/itsol-1.0.0/LIB/MatOps.c
Examining data/itsol-1.0.0/LIB/misc.c
Examining data/itsol-1.0.0/LIB/globheads.h
Examining data/itsol-1.0.0/LIB/defs.h
Examining data/itsol-1.0.0/LIB/systimer.c
Examining data/itsol-1.0.0/LIB/PQ.c
Examining data/itsol-1.0.0/LIB/indsetC.c
Examining data/itsol-1.0.0/LIB/protos.h
Examining data/itsol-1.0.0/LIB/sets.c
Examining data/itsol-1.0.0/arms2.c
Examining data/itsol-1.0.0/ilut.c
Examining data/itsol-1.0.0/auxill.c
Examining data/itsol-1.0.0/fgmr.c
Examining data/itsol-1.0.0/ios.h
Examining data/itsol-1.0.0/TESTS_HB/mainILUThb.c
Examining data/itsol-1.0.0/TESTS_HB/mainILUKhb.c
Examining data/itsol-1.0.0/TESTS_HB/mainARMShb.c
Examining data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c
Examining data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c
Examining data/itsol-1.0.0/vbilut.c
Examining data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c
Examining data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c
Examining data/itsol-1.0.0/TESTS_COO/mainARMScoo.c
Examining data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c
Examining data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c
Examining data/itsol-1.0.0/vbiluk.c
Examining data/itsol-1.0.0/iluk.c

FINAL RESULTS:

data/itsol-1.0.0/LIB/sets.c:14:3: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(out1, f_str, argp);
data/itsol-1.0.0/LIB/sets.c:17:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(out2, "Error! %s\n", out1);
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:197:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pltfile, "OUT/%s_ARMS_F%05d_T%08.6f", io.HBnameF, lfil,tol);
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:174:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_ILUK_F%05d", io.HBnameF, lfil);
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:176:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( matdata, "OUT/%s.dat", io.HBnameF );
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:200:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_ILUT_F%05d_T%08.6f", io.HBnameF, lfil,tol);
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:186:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( matdata, "OUT/%s.dat", io.HBnameF );
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:241:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_VBILUK_F%05d", io.HBnameF, lfil);
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:181:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( matdata, "OUT/%s.dat", io.HBnameF );
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:245:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_VBILUT_F%05d_T%08.6f", io.HBnameF, lfil,tol);
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:197:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pltfile, "OUT/%s_ARMS_F%05d_T%08.6f", io.HBnameF, lfil,tol);
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:169:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_ILUK_F%05d", io.HBnameF, lfil);
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:169:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( matdata, "OUT/%s.dat", io.HBnameF );
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:192:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_ILUT_F%05d_T%08.6f", io.HBnameF, lfil,tol);
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:181:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( matdata, "OUT/%s.dat", io.HBnameF );
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:236:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_VBILUK_F%05d", io.HBnameF, lfil);
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:178:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( matdata, "OUT/%s.dat", io.HBnameF );
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:241:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pltfile, "OUT/%s_VBILUT_F%05d_T%08.6f", io.HBnameF, lfil,tol);
data/itsol-1.0.0/auxill.c:194:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( pio->Fname, p1 );
data/itsol-1.0.0/auxill.c:200:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( pio->HBnameF, p1 );
data/itsol-1.0.0/auxill.c:403:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  srand(seed);
data/itsol-1.0.0/LIB/MatOps.c:50:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(D[i], vbmat->ba[i][j], size );
data/itsol-1.0.0/LIB/MatOps.c:265:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&work[lenB],&x[lenB],(len-lenB)*sizeof(double));
data/itsol-1.0.0/LIB/MatOps.c:482:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(y, work,n*sizeof(double));
data/itsol-1.0.0/LIB/MatOps.c:919:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(y, x, n*sizeof(double));
data/itsol-1.0.0/LIB/ilutpC.c:296:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ilusch->L->ma[ii], w, len*sizeof(double));
data/itsol-1.0.0/LIB/ilutpC.c:365:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ilusch->U->ma[ii][1], &w[ii+1], (len-1)*sizeof(double));
data/itsol-1.0.0/LIB/ilutpC.c:639:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ilusch->L->ja[ii], jw, lenl*sizeof(int));
data/itsol-1.0.0/LIB/ilutpC.c:640:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ilusch->L->ma[ii], w, lenl*sizeof(double));
data/itsol-1.0.0/LIB/ilutpC.c:670:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ilusch->U->ja[ii][1], jw, jpos*sizeof(int));
data/itsol-1.0.0/LIB/ilutpC.c:671:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ilusch->U->ma[ii][1], w, jpos*sizeof(double));
data/itsol-1.0.0/LIB/piluNEW.c:310:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(amat->L->ja[ii], jw, lenl*sizeof(int));
data/itsol-1.0.0/LIB/piluNEW.c:311:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(amat->L->ma[ii], w, lenl*sizeof(double));
data/itsol-1.0.0/LIB/piluNEW.c:340:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&amat->U->ja[ii][1], jw, jpos*sizeof(int));
data/itsol-1.0.0/LIB/piluNEW.c:341:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&amat->U->ma[ii][1], w, jpos*sizeof(double));
data/itsol-1.0.0/LIB/piluNEW.c:361:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lfma[ii], w, lenu*sizeof(double));
data/itsol-1.0.0/LIB/piluNEW.c:362:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lfja[ii], jw, lenu*sizeof(int));
data/itsol-1.0.0/LIB/piluNEW.c:560:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&schur->ja[ii][0], jw, jpos*sizeof(int));
data/itsol-1.0.0/LIB/piluNEW.c:561:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&schur->ma[ii][0], w, jpos*sizeof(double));
data/itsol-1.0.0/LIB/sets.c:11:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out1[256], out2[256];
data/itsol-1.0.0/LIB/sets.c:143:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bja,amat->ja[j],len*sizeof(int));
data/itsol-1.0.0/LIB/sets.c:144:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bma,amat->ma[j],len*sizeof(double));
data/itsol-1.0.0/LIB/sets.c:808:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(B->ja[j], new1j, numl*sizeof(int));
data/itsol-1.0.0/LIB/sets.c:809:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(B->ma[j], new1m, numl*sizeof(double));
data/itsol-1.0.0/LIB/sets.c:810:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(F->ja[j], new2j, numr*sizeof(int));
data/itsol-1.0.0/LIB/sets.c:811:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(F->ma[j], new2m, numr*sizeof(double));
data/itsol-1.0.0/LIB/sets.c:848:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(E->ja[j], new1j, numl*sizeof(int));
data/itsol-1.0.0/LIB/sets.c:849:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(E->ma[j], new1m, numl*sizeof(double));
data/itsol-1.0.0/LIB/sets.c:850:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(C->ja[j], new2j, numr*sizeof(int));
data/itsol-1.0.0/LIB/sets.c:851:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(C->ma[j], new2m, numr*sizeof(double));
data/itsol-1.0.0/LIB/sets.c:1225:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fmatlab = fopen( filename, "w" );
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:67:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:82:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_coo", "r" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:88:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:100:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ARMS_DDPQ.out");
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:101:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ARMS_DDPQ");
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:104:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ARMS.out");
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:105:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ARMS");
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:107:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainARMScoo.c:198:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == (fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:28:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:62:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_coo", "r" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:68:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:77:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ILUK.out");
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:78:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ILUK");
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:79:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainILUKcoo.c:175:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:61:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:73:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_coo", "r" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:79:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:87:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ILUT.out");
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:88:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ILUT");
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:89:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:175:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matdata[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainILUTcoo.c:201:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:37:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:81:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_coo", "r" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:87:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:95:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/VBILUK.out");
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:96:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"Variable Block ILUK (VBILUK)");
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:97:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:183:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matdata[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:187:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL != ( fmatlab = fopen( matdata, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUKcoo.c:242:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:77:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_coo", "r" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:83:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:91:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ILUT.out");
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:92:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"Variable Block ILUT (VBILUT)");
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:93:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:178:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matdata[MAX_LINE];
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:182:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL != ( fmatlab = fopen( matdata, "w" ) ) ) {
data/itsol-1.0.0/TESTS_COO/mainVBILUTcoo.c:246:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:43:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:86:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_hb", "r" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:92:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:104:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ARMS_DDPQ.out");
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:105:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ARMS_DDPQ");
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:108:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ARMS.out");
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:109:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ARMS");
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:111:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainARMShb.c:198:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == (fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:28:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:62:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_hb", "r" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:68:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:76:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ILUK.out");
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:77:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ILUK");
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:78:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainILUKhb.c:170:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:61:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:72:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_hb", "r" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:78:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:86:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ILUT.out");
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:87:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"ILUT");
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:88:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:168:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matdata[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainILUThb.c:193:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:37:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:81:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_hb", "r" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:87:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:95:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/VBILUK.out");
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:96:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"Variable Block ILUK (VBILUK)");
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:97:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:178:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matdata[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:182:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL != ( fmatlab = fopen( matdata, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUKhb.c:237:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pltfile[256];
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:77:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fmat = fopen( "matfile_hb", "r" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:83:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( ( numat = atoi( line ) ) <= 0 ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:91:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.outfile,"OUT/ILUT.out");
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:92:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io.PrecMeth,"Variable Block ILUT (VBILUT)");
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:93:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( io.fout = fopen( io.outfile, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:175:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matdata[MAX_LINE];
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:179:31: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL != ( fmatlab = fopen( matdata, "w" ) ) ) {
data/itsol-1.0.0/TESTS_HB/mainVBILUThb.c:242:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( fits = fopen( pltfile, "w" ) ) ) {
data/itsol-1.0.0/arms2.c:183:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(methL, &ipar[10], 4*sizeof(int));
data/itsol-1.0.0/arms2.c:184:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(methS, &ipar[14], 4*sizeof(int));
data/itsol-1.0.0/auxill.c:15:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char guesol[3], title[73], key[9], type[4];
data/itsol-1.0.0/auxill.c:85:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE], *p1, *p2;
data/itsol-1.0.0/auxill.c:86:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( NULL == ( finputs = fopen( in_file, "r" ) ) )
data/itsol-1.0.0/auxill.c:94:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->nparam = atoi( p1 );
data/itsol-1.0.0/auxill.c:101:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->im = atoi( p1 );
data/itsol-1.0.0/auxill.c:108:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->maxits = atoi( p1 );
data/itsol-1.0.0/auxill.c:132:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->lfil0 = atoi( p1 );
data/itsol-1.0.0/auxill.c:139:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->lfilInc = atoi( p1 );
data/itsol-1.0.0/auxill.c:160:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->fill_lev = atoi( p1 );
data/itsol-1.0.0/auxill.c:169:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->perm_type = atoi( p1 );
data/itsol-1.0.0/auxill.c:176:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pio->Bsize = atoi( p1 );
data/itsol-1.0.0/auxill.c:186:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE], *p1, *p2;
data/itsol-1.0.0/auxill.c:243:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE];
data/itsol-1.0.0/auxill.c:245:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  matf = fopen(pio->Fname,"r");
data/itsol-1.0.0/auxill.c:276:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ii[k] = atoi(p1);
data/itsol-1.0.0/auxill.c:282:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  jj[k] = atoi(p1);
data/itsol-1.0.0/fgmr.c:102:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z[i],vv[i],n*sizeof(double));
data/itsol-1.0.0/iluk.c:271:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( L->ja[i], jbuf, sizeof(int)*incl);
data/itsol-1.0.0/iluk.c:278:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(U->ja[i], jbuf+i, sizeof(int)*k );
data/itsol-1.0.0/iluk.c:281:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ulvl[i], levls+i, k*sizeof(int) );
data/itsol-1.0.0/ios.h:7:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[MAX_LINE]; /* output filename */
data/itsol-1.0.0/ios.h:8:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Fname[MAX_LINE]; /* matrix filename */
data/itsol-1.0.0/ios.h:9:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char HBnameF[MAX_HBNAME]; /* HB name */
data/itsol-1.0.0/ios.h:10:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char PrecMeth[MAX_LINE]; /* preconditioner being tested */
data/itsol-1.0.0/ios.h:11:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4]; /* HB type */
data/itsol-1.0.0/vbiluk.c:308:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( L->ja[i], jbuf, sizeof(int)*incl);
data/itsol-1.0.0/vbiluk.c:315:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(U->ja[i], jbuf+i, sizeof(int)*k );
data/itsol-1.0.0/vbiluk.c:318:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( ulvl[i], levls+i, k*sizeof(int) );
data/itsol-1.0.0/auxill.c:66:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pio->type, type, 3 );

ANALYSIS SUMMARY:

Hits = 176
Lines analyzed = 10409 in approximately 0.45 seconds (23358 lines/second)
Physical Source Lines of Code (SLOC) = 6797
Hits@level = [0] 310 [1] 1 [2] 154 [3] 1 [4] 20 [5] 0
Hits@level+ = [0+] 486 [1+] 176 [2+] 175 [3+] 21 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 71.5021 [1+] 25.8938 [2+] 25.7467 [3+] 3.0896 [4+] 2.94247 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.