Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c
Examining data/libzn-poly-0.9.2/include/profiler.h
Examining data/libzn-poly-0.9.2/include/support.h
Examining data/libzn-poly-0.9.2/include/zn_poly_internal.h
Examining data/libzn-poly-0.9.2/include/wide_arith.h
Examining data/libzn-poly-0.9.2/include/zn_poly.h
Examining data/libzn-poly-0.9.2/profile/array-profile-main.c
Examining data/libzn-poly-0.9.2/profile/array-profile.c
Examining data/libzn-poly-0.9.2/profile/invert-profile-main.c
Examining data/libzn-poly-0.9.2/profile/invert-profile.c
Examining data/libzn-poly-0.9.2/profile/mpn_mulmid-profile-main.c
Examining data/libzn-poly-0.9.2/profile/mpn_mulmid-profile.c
Examining data/libzn-poly-0.9.2/profile/mul-profile-main.c
Examining data/libzn-poly-0.9.2/profile/mul-profile.c
Examining data/libzn-poly-0.9.2/profile/mulmid-profile-main.c
Examining data/libzn-poly-0.9.2/profile/mulmid-profile.c
Examining data/libzn-poly-0.9.2/profile/negamul-profile-main.c
Examining data/libzn-poly-0.9.2/profile/negamul-profile.c
Examining data/libzn-poly-0.9.2/profile/ntl-profile-dummy.c
Examining data/libzn-poly-0.9.2/profile/ntl-profile.c
Examining data/libzn-poly-0.9.2/profile/prof_main.c
Examining data/libzn-poly-0.9.2/profile/profiler.c
Examining data/libzn-poly-0.9.2/src/array.c
Examining data/libzn-poly-0.9.2/src/invert.c
Examining data/libzn-poly-0.9.2/src/ks_support.c
Examining data/libzn-poly-0.9.2/src/misc.c
Examining data/libzn-poly-0.9.2/src/mpn_mulmid.c
Examining data/libzn-poly-0.9.2/src/mul.c
Examining data/libzn-poly-0.9.2/src/mul_fft.c
Examining data/libzn-poly-0.9.2/src/mul_fft_dft.c
Examining data/libzn-poly-0.9.2/src/mul_ks.c
Examining data/libzn-poly-0.9.2/src/mulmid.c
Examining data/libzn-poly-0.9.2/src/mulmid_ks.c
Examining data/libzn-poly-0.9.2/src/nuss.c
Examining data/libzn-poly-0.9.2/src/pack.c
Examining data/libzn-poly-0.9.2/src/pmf.c
Examining data/libzn-poly-0.9.2/src/pmfvec_fft.c
Examining data/libzn-poly-0.9.2/src/zn_mod.c
Examining data/libzn-poly-0.9.2/test/invert-test.c
Examining data/libzn-poly-0.9.2/test/mpn_mulmid-test.c
Examining data/libzn-poly-0.9.2/test/mul_fft-test.c
Examining data/libzn-poly-0.9.2/test/mul_ks-test.c
Examining data/libzn-poly-0.9.2/test/mulmid_ks-test.c
Examining data/libzn-poly-0.9.2/test/nuss-test.c
Examining data/libzn-poly-0.9.2/test/pack-test.c
Examining data/libzn-poly-0.9.2/test/pmfvec_fft-test.c
Examining data/libzn-poly-0.9.2/test/ref_mul.c
Examining data/libzn-poly-0.9.2/test/support.c
Examining data/libzn-poly-0.9.2/test/test.c
Examining data/libzn-poly-0.9.2/tune/mpn_mulmid-tune.c
Examining data/libzn-poly-0.9.2/tune/mul-tune.c
Examining data/libzn-poly-0.9.2/tune/mul_ks-tune.c
Examining data/libzn-poly-0.9.2/tune/mulmid-tune.c
Examining data/libzn-poly-0.9.2/tune/mulmid_ks-tune.c
Examining data/libzn-poly-0.9.2/tune/nuss-tune.c
Examining data/libzn-poly-0.9.2/tune/tune.c
Examining data/libzn-poly-0.9.2/tune/tuning.c

FINAL RESULTS:

data/libzn-poly-0.9.2/tune/tune.c:112:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? "SIZE_MAX;\n" : "%lu;\n", x);
data/libzn-poly-0.9.2/tune/tune.c:116:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? "SIZE_MAX;\n" : "%lu;\n", x);
data/libzn-poly-0.9.2/tune/tune.c:132:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:136:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:140:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:144:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:148:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:152:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:156:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:160:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/tune/tune.c:164:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf (x == SIZE_MAX ? " SIZE_MAX," : " %5lu,", x);
data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c:725:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ulong i, p = atol (argv[1]);
data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c:736:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ulong i, p1 = atol (argv[1]), p2 = atol (argv[2]);
data/libzn-poly-0.9.2/demo/bernoulli/bernoulli.c:736:42:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ulong i, p1 = atol (argv[1]), p2 = atol (argv[2]);
data/libzn-poly-0.9.2/profile/invert-profile-main.c:116:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/invert-profile-main.c:121:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/mpn_mulmid-profile-main.c:98:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/mul-profile-main.c:143:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/mul-profile-main.c:148:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/mulmid-profile-main.c:127:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/mulmid-profile-main.c:132:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_length = atol (argv[++i]);
data/libzn-poly-0.9.2/profile/negamul-profile-main.c:94:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_bits = atoi (argv[++i]);
data/libzn-poly-0.9.2/profile/negamul-profile-main.c:99:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  chosen_lgL = atol (argv[++i]);
data/libzn-poly-0.9.2/src/mpn_mulmid.c:539:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (res + 2, temp + n2 + 1, sizeof(mp_limb_t) * (n1 - n2 - 1));
data/libzn-poly-0.9.2/test/ref_mul.c:259:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (res, prod + n2 - 1, sizeof (mp_limb_t) * (n1 - n2 + 2));
data/libzn-poly-0.9.2/test/ref_mul.c:285:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (res + 2, prod + n2 + 1, sizeof (mp_limb_t) * (n1 - n2 - 1));

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 19244 in approximately 0.53 seconds (36225 lines/second)
Physical Source Lines of Code (SLOC) = 10736
Hits@level = [0] 165 [1]   0 [2]  15 [3]   0 [4]  11 [5]   0
Hits@level+ = [0+] 191 [1+]  26 [2+]  26 [3+]  11 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 17.7906 [1+] 2.42176 [2+] 2.42176 [3+] 1.02459 [4+] 1.02459 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for
more information.