Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libint-1.2.1/src/bin/constants.h
Examining data/libint-1.2.1/src/bin/copyright.h
Examining data/libint-1.2.1/src/bin/libderiv/build_libderiv.c
Examining data/libint-1.2.1/src/bin/libderiv/build_libderiv.h
Examining data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c
Examining data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c
Examining data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c
Examining data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c
Examining data/libint-1.2.1/src/bin/libderiv/emit_deriv_build.c
Examining data/libint-1.2.1/src/bin/libderiv/emit_deriv_build_macro.c
Examining data/libint-1.2.1/src/bin/libderiv/mem_man.c
Examining data/libint-1.2.1/src/bin/libderiv/mem_man.h
Examining data/libint-1.2.1/src/bin/libint/build_libint.c
Examining data/libint-1.2.1/src/bin/libint/build_libint.h
Examining data/libint-1.2.1/src/bin/libint/emit_hrr_build.c
Examining data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c
Examining data/libint-1.2.1/src/bin/libint/emit_order.c
Examining data/libint-1.2.1/src/bin/libint/emit_vrr_build.c
Examining data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c
Examining data/libint-1.2.1/src/bin/libint/mem_man.c
Examining data/libint-1.2.1/src/bin/libint/mem_man.h
Examining data/libint-1.2.1/src/bin/libr12/build_libr12.c
Examining data/libint-1.2.1/src/bin/libr12/build_libr12.h
Examining data/libint-1.2.1/src/bin/libr12/emit_gr_order.c
Examining data/libint-1.2.1/src/bin/libr12/emit_grt_order.c
Examining data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c
Examining data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c
Examining data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c
Examining data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c
Examining data/libint-1.2.1/src/bin/libr12/mem_man.c
Examining data/libint-1.2.1/src/bin/libr12/mem_man.h
Examining data/libint-1.2.1/src/lib/libint/vrr_build.c
Examining data/libint-1.2.1/src/lib/libr12/r_vrr_build.c
Examining data/libint-1.2.1/src/lib/libr12/t1_vrr_build.c
Examining data/libint-1.2.1/src/lib/libr12/t2_vrr_build.c

FINAL RESULTS:

data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:162:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hrr_code_name,"%s.cc",hrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:164:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(vrr_code_name,"%s.h",vrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:166:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(vrr_code_name,"%s.cc",vrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:167:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(inline_vrr_list_name,"inline_%s.h",vrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:168:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(inline_hrr_list_name,"inline_%s.h",hrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:152:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hrr_code_name,"%s.cc",hrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:154:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(vrr_code_name,"%s.h",vrr_function_name);
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:156:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(vrr_code_name,"%s.cc",vrr_function_name);
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:106:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(subfunction_name[i],"_%s_%d",
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:111:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(code_name,"%s.cc",function_name);
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:252:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(subfunction_name[i],"_%s_%d",
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:257:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(code_name,"%s.cc",function_name);
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:93:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(code_name,"%s.h",function_name);
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:175:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(code_name,"%s.h",function_name);
data/libint-1.2.1/src/bin/libint/emit_order.c:146:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hrr_code_name,"%s.cc",hrr_function_name);
data/libint-1.2.1/src/bin/libint/emit_order.c:148:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(vrr_code_name,"%s.h",vrr_function_name);
data/libint-1.2.1/src/bin/libint/emit_order.c:150:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(vrr_code_name,"%s.cc",vrr_function_name);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:80:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k1[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:81:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k2[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:82:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k3[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:83:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k1[i-1],(void *)k1_suff);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:84:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k2[i-1],(void *)k2_suff);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:85:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k3[i-1],(void *)k3_suff);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:82:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k1[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:83:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k2[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:84:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k3[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:85:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k1[i-1],(void *)k1_suff);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:86:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k2[i-1],(void *)k2_suff);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:87:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k3[i-1],(void *)k3_suff);
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:92:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(subfunction_name[i],"_%s_%d",
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:96:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(code_name,"%s.cc",function_name);
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:265:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(subfunction_name[i],"_%s_%d",
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:77:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k1[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:78:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k2[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:79:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k3[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:80:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k1[i-1],(void *)k1_suff);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:81:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k2[i-1],(void *)k2_suff);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:82:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k3[i-1],(void *)k3_suff);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:71:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k1[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:72:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k1[i-1],(void *)k1_suff);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:71:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(k1[i-1],(void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:72:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(k1[i-1],(void *)k1_suff);
data/libint-1.2.1/src/bin/libderiv/build_libderiv.c:61:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen("./output.dat", "w");
data/libint-1.2.1/src/bin/libderiv/build_libderiv.c:62:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  d1hrr_header = fopen("./d1hrr_header.h","w");
data/libint-1.2.1/src/bin/libderiv/build_libderiv.c:63:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  deriv_header = fopen("./deriv_header.h","w");
data/libint-1.2.1/src/bin/libderiv/build_libderiv.c:64:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  libderiv_header = fopen("./libderiv.h","w");
data/libint-1.2.1/src/bin/libderiv/build_libderiv.c:65:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  init_code = fopen("./init_libderiv.cc","w");
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code_name[19];
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char function_name[17];
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:72:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(function_name,"d1hrr3_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:73:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"d1hrr3_build_%c%c.cc",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:74:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:152:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"d1hrr1_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:153:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"d1hrr1_build_%c%c.cc",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build.c:154:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code_name[19];
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char function_name[17];
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:74:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"d1hrr3_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:75:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"d1hrr3_build_%c%c.h",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:76:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:155:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"d1hrr1_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:156:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(code_name,"d1hrr1_build_%c%c.h",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libderiv/emit_d1hrr_build_macro.c:157:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:118:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hrr_code_name[80];
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hrr_function_name[80];
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vrr_code_name[80];
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:121:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vrr_function_name[80];
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:122:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inline_vrr_list_name[80];
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:123:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inline_hrr_list_name[80];
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:152:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hrr_function_name,"d12hrr_order_%c%c%c%c",
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:157:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(vrr_function_name,"d12vrr_order_%c%c%c%c",
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:169:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_code = fopen(hrr_code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:170:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  vrr_code = fopen(vrr_code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:171:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline_vrr_list = fopen(inline_vrr_list_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:172:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline_hrr_list = fopen(inline_hrr_list_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:502:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vrr_nodes[last_vrr_node].deriv_ind,hrr_nodes[i].deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:831:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[0].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:840:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[1].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:851:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[2+i].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:864:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[0].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:873:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[1].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv12_managers.c:884:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[2+i].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:146:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hrr_function_name,"d1hrr_order_%c%c%c%c",
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:149:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(vrr_function_name,"d1vrr_order_%c%c%c%c",
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:157:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(inline_vrr_list_name,"inline_d1vrr_order_%c%c%c%c.h",
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:160:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(inline_hrr_list_name,"inline_d1hrr_order_%c%c%c%c.h",
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:163:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_code = fopen(hrr_code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:164:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vrr_code = fopen(vrr_code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:165:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline_vrr_list = fopen(inline_vrr_list_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:166:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline_hrr_list = fopen(inline_hrr_list_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:451:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vrr_nodes[last_vrr_node].deriv_ind,hrr_nodes[i].deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:771:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(O[0].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:780:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[1].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:791:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[2+i].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:804:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[0].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:813:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[1].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv1_managers.c:824:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(O[2+i].deriv_ind,node.deriv_ind,12*sizeof(int));
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build.c:76:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build.c:182:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build.c:290:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build.c:397:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build_macro.c:79:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build_macro.c:179:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build_macro.c:283:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libderiv/emit_deriv_build_macro.c:386:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libint/build_libint.c:83:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen("./output.dat", "w");
data/libint-1.2.1/src/bin/libint/build_libint.c:84:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vrr_header = fopen("./vrr_header.h","w");
data/libint-1.2.1/src/bin/libint/build_libint.c:85:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_header = fopen("./hrr_header.h","w");
data/libint-1.2.1/src/bin/libint/build_libint.c:86:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  libint_header = fopen("./libint.h","w");
data/libint-1.2.1/src/bin/libint/build_libint.c:87:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  init_code = fopen("./init_libint.cc","w");
data/libint-1.2.1/src/bin/libint/build_libint.c:112:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(real_type,"long double");
data/libint-1.2.1/src/bin/libint/build_libint.c:117:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(real_type,"double");
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:60:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code_name[20];
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:61:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char function_name[18];
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:101:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"hrr3_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:112:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:247:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"hrr1_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libint/emit_hrr_build.c:258:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:59:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code_name[20];
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:60:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char function_name[18];
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:92:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"hrr3_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:94:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:174:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"hrr1_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libint/emit_hrr_build_macro.c:176:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_order.c:140:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hrr_function_name,"hrr_order_%c%c%c%c",
data/libint-1.2.1/src/bin/libint/emit_order.c:143:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(vrr_function_name,"vrr_order_%c%c%c%c",
data/libint-1.2.1/src/bin/libint/emit_order.c:151:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(inline_vrr_list_name,"inline_vrr_order_%c%c%c%c.h",
data/libint-1.2.1/src/bin/libint/emit_order.c:154:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(inline_hrr_list_name,"inline_hrr_order_%c%c%c%c.h",
data/libint-1.2.1/src/bin/libint/emit_order.c:157:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_code = fopen(hrr_code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_order.c:158:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vrr_code = fopen(vrr_code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_order.c:159:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline_vrr_list = fopen(inline_vrr_list_name,"w");
data/libint-1.2.1/src/bin/libint/emit_order.c:160:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inline_hrr_list = fopen(inline_hrr_list_name,"w");
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:148:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"build_%c0%c0",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:149:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"build_%c0%c0.cc",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:150:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:167:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(subfunction_name[i],"_build_%c0%c0_%d",am_letter[la],am_letter[lc],i);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:131:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"build_%c0%c0",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:132:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"build_%c0%c0.h",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:133:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libr12/build_libr12.c:72:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen("./output.dat", "w");
data/libint-1.2.1/src/bin/libr12/build_libr12.c:73:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_header = fopen("./r12_hrr_header.h","w");
data/libint-1.2.1/src/bin/libr12/build_libr12.c:74:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vrr_header = fopen("./r12_vrr_header.h","w");
data/libint-1.2.1/src/bin/libr12/build_libr12.c:75:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  libr12_header = fopen("./libr12.h","w");
data/libint-1.2.1/src/bin/libr12/build_libr12.c:76:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  init_code = fopen("./init_libr12.cc","w");
data/libint-1.2.1/src/bin/libr12/emit_gr_order.c:144:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_code = fopen(hrr_code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_gr_order.c:149:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vrr_code = fopen(vrr_code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_grt_order.c:143:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hrr_code = fopen(hrr_code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_grt_order.c:148:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vrr_code = fopen(vrr_code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code_name[21];
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char function_name[18];
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:87:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"t2hrr3_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:97:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:260:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"t1hrr1_build_%c%c",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:269:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"t1hrr1_build_%c%c.cc",am_letter[am_in[0]],am_letter[am_in[1]]);
data/libint-1.2.1/src/bin/libr12/emit_hrr_t_build.c:270:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:132:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"r_build_%c0%c0",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:133:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"r_build_%c0%c0.cc",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:134:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:152:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(subfunction_name[i],"_r_build_%c0%c0_%d",am_letter[la],am_letter[lc],i);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:111:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"t1_build_%c0%c0",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:112:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"t1_build_%c0%c0.cc",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:113:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:132:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(subfunction_name[i],"_t1_build_%c0%c0_%d",am_letter[la],am_letter[lc],i);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:111:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(function_name,"t2_build_%c0%c0",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:112:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(code_name,"t2_build_%c0%c0.cc",am_letter[la],am_letter[lc]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:113:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  code = fopen(code_name,"w");
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:132:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(subfunction_name[i],"_t2_build_%c0%c0_%d",am_letter[la],am_letter[lc],i);
data/libint-1.2.1/src/bin/libint/build_libint.c:110:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen("long double") + 1;
data/libint-1.2.1/src/bin/libint/build_libint.c:115:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen("double") + 1;
data/libint-1.2.1/src/bin/libint/emit_vrr_build.c:76:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen((void *)number[i]);
data/libint-1.2.1/src/bin/libint/emit_vrr_build_macro.c:78:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen((void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_r_build.c:73:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen((void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t1_build.c:69:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen((void *)number[i]);
data/libint-1.2.1/src/bin/libr12/emit_vrr_t2_build.c:69:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  j = strlen((void *)number[i]);

ANALYSIS SUMMARY:

Hits = 174
Lines analyzed = 12292 in approximately 0.64 seconds (19125 lines/second)
Physical Source Lines of Code (SLOC) = 9492
Hits@level = [0] 1645 [1] 7 [2] 125 [3] 0 [4] 42 [5] 0
Hits@level+ = [0+] 1819 [1+] 174 [2+] 167 [3+] 42 [4+] 42 [5+] 0
Hits/KSLOC@level+ = [0+] 191.635 [1+] 18.3312 [2+] 17.5938 [3+] 4.42478 [4+] 4.42478 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.