Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c
Examining data/libzn-poly-0.9.2/include/profiler.h
Examining data/libzn-poly-0.9.2/include/support.h
Examining data/libzn-poly-0.9.2/include/zn_poly_internal.h
Examining data/libzn-poly-0.9.2/include/wide_arith.h
Examining data/libzn-poly-0.9.2/include/zn_poly.h
Examining data/libzn-poly-0.9.2/profile/array-profile-main.c
Examining data/libzn-poly-0.9.2/profile/array-profile.c
Examining data/libzn-poly-0.9.2/profile/invert-profile-main.c
Examining data/libzn-poly-0.9.2/profile/invert-profile.c
Examining data/libzn-poly-0.9.2/profile/mpn_mulmid-profile-main.c
Examining data/libzn-poly-0.9.2/profile/mpn_mulmid-profile.c
Examining data/libzn-poly-0.9.2/profile/mul-profile-main.c
Examining data/libzn-poly-0.9.2/profile/mul-profile.c
Examining data/libzn-poly-0.9.2/profile/mulmid-profile-main.c
Examining data/libzn-poly-0.9.2/profile/mulmid-profile.c
Examining data/libzn-poly-0.9.2/profile/negamul-profile-main.c
Examining data/libzn-poly-0.9.2/profile/negamul-profile.c
Examining data/libzn-poly-0.9.2/profile/ntl-profile-dummy.c
Examining data/libzn-poly-0.9.2/profile/ntl-profile.c
Examining data/libzn-poly-0.9.2/profile/prof_main.c
Examining data/libzn-poly-0.9.2/profile/profiler.c
Examining data/libzn-poly-0.9.2/src/array.c
Examining data/libzn-poly-0.9.2/src/invert.c
Examining data/libzn-poly-0.9.2/src/ks_support.c
Examining data/libzn-poly-0.9.2/src/misc.c
Examining data/libzn-poly-0.9.2/src/mpn_mulmid.c
Examining data/libzn-poly-0.9.2/src/mul.c
Examining data/libzn-poly-0.9.2/src/mul_fft.c
Examining data/libzn-poly-0.9.2/src/mul_fft_dft.c
Examining data/libzn-poly-0.9.2/src/mul_ks.c
Examining data/libzn-poly-0.9.2/src/mulmid.c
Examining data/libzn-poly-0.9.2/src/mulmid_ks.c
Examining data/libzn-poly-0.9.2/src/nuss.c
Examining data/libzn-poly-0.9.2/src/pack.c
Examining data/libzn-poly-0.9.2/src/pmf.c
Examining data/libzn-poly-0.9.2/src/pmfvec_fft.c
Examining data/libzn-poly-0.9.2/src/zn_mod.c
Examining data/libzn-poly-0.9.2/test/invert-test.c
Examining data/libzn-poly-0.9.2/test/mpn_mulmid-test.c
Examining data/libzn-poly-0.9.2/test/mul_fft-test.c
Examining data/libzn-poly-0.9.2/test/mul_ks-test.c
Examining data/libzn-poly-0.9.2/test/mulmid_ks-test.c
Examining data/libzn-poly-0.9.2/test/nuss-test.c
Examining data/libzn-poly-0.9.2/test/pack-test.c
Examining data/libzn-poly-0.9.2/test/pmfvec_fft-test.c
Examining data/libzn-poly-0.9.2/test/ref_mul.c
Examining data/libzn-poly-0.9.2/test/support.c
Examining data/libzn-poly-0.9.2/test/test.c
Examining data/libzn-poly-0.9.2/tune/mpn_mulmid-tune.c
Examining data/libzn-poly-0.9.2/tune/mul-tune.c
Examining data/libzn-poly-0.9.2/tune/mul_ks-tune.c
Examining data/libzn-poly-0.9.2/tune/mulmid-tune.c
Examining data/libzn-poly-0.9.2/tune/mulmid_ks-tune.c
Examining data/libzn-poly-0.9.2/tune/nuss-tune.c
Examining data/libzn-poly-0.9.2/tune/tune.c
Examining data/libzn-poly-0.9.2/tune/tuning.c
FINAL RESULTS:
data/libzn-poly-0.9.2/tune/tune.c:112:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? "SIZE_MAX;\n" : "%lu;\n", x);
data/libzn-poly-0.9.2/tune/tune.c:116:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? "SIZE_MAX;\n" : "%lu;\n", x);
data/libzn-poly-0.9.2/tune/tune.c:132:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:136:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:140:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:144:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:148:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:152:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:156:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:160:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:164:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c:725:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ulong i, p = atol (argv[1]);
data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c:736:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ulong i, p1 = atol (argv[1]), p2 = atol (argv[2]);
data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c:736:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ulong i, p1 = atol (argv[1]), p2 = atol (argv[2]);
data/libzn-poly-0.9.2/profile/invert-profile-main.c:116:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/invert-profile-main.c:121:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/mpn_mulmid-profile-main.c:98:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/mul-profile-main.c:143:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/mul-profile-main.c:148:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/mulmid-profile-main.c:127:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/mulmid-profile-main.c:132:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/negamul-profile-main.c:94:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/negamul-profile-main.c:99:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chosen_lgL = atol (argv[++i]);
data/libzn-poly-0.9.2/src/mpn_mulmid.c:539:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res + 2, temp + n2 + 1, sizeof(mp_limb_t) * (n1 - n2 - 1));
data/libzn-poly-0.9.2/test/ref_mul.c:259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, prod + n2 - 1, sizeof (mp_limb_t) * (n1 - n2 + 2));
data/libzn-poly-0.9.2/test/ref_mul.c:285:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res + 2, prod + n2 + 1, sizeof (mp_limb_t) * (n1 - n2 - 1));
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 19244 in approximately 0.53 seconds (36225 lines/second)
Physical Source Lines of Code (SLOC) = 10736
Hits@level = [0] 165 [1] 0 [2] 15 [3] 0 [4] 11 [5] 0
Hits@level+ = [0+] 191 [1+] 26 [2+] 26 [3+] 11 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 17.7906 [1+] 2.42176 [2+] 2.42176 [3+] 1.02459 [4+] 1.02459 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.