Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nlopt-2.7.0/src/algs/ags/ags.cc
Examining data/nlopt-2.7.0/src/algs/ags/ags.h
Examining data/nlopt-2.7.0/src/algs/ags/data_types.hpp
Examining data/nlopt-2.7.0/src/algs/ags/evolvent.cc
Examining data/nlopt-2.7.0/src/algs/ags/evolvent.hpp
Examining data/nlopt-2.7.0/src/algs/ags/local_optimizer.cc
Examining data/nlopt-2.7.0/src/algs/ags/local_optimizer.hpp
Examining data/nlopt-2.7.0/src/algs/ags/solver.cc
Examining data/nlopt-2.7.0/src/algs/ags/solver.hpp
Examining data/nlopt-2.7.0/src/algs/ags/tst.cc
Examining data/nlopt-2.7.0/src/algs/auglag/auglag.c
Examining data/nlopt-2.7.0/src/algs/auglag/auglag.h
Examining data/nlopt-2.7.0/src/algs/bobyqa/bobyqa.c
Examining data/nlopt-2.7.0/src/algs/bobyqa/bobyqa.h
Examining data/nlopt-2.7.0/src/algs/cdirect/cdirect.c
Examining data/nlopt-2.7.0/src/algs/cdirect/cdirect.h
Examining data/nlopt-2.7.0/src/algs/cdirect/hybrid.c
Examining data/nlopt-2.7.0/src/algs/cobyla/cobyla.c
Examining data/nlopt-2.7.0/src/algs/cobyla/cobyla.h
Examining data/nlopt-2.7.0/src/algs/cquad/cquad.c
Examining data/nlopt-2.7.0/src/algs/cquad/cquad.h
Examining data/nlopt-2.7.0/src/algs/crs/crs.c
Examining data/nlopt-2.7.0/src/algs/crs/crs.h
Examining data/nlopt-2.7.0/src/algs/direct/DIRect.c
Examining data/nlopt-2.7.0/src/algs/direct/DIRparallel.c
Examining data/nlopt-2.7.0/src/algs/direct/DIRserial.c
Examining data/nlopt-2.7.0/src/algs/direct/DIRsubrout.c
Examining data/nlopt-2.7.0/src/algs/direct/direct-internal.h
Examining data/nlopt-2.7.0/src/algs/direct/direct.h
Examining data/nlopt-2.7.0/src/algs/direct/direct_wrap.c
Examining data/nlopt-2.7.0/src/algs/direct/tstc.c
Examining data/nlopt-2.7.0/src/algs/esch/esch.c
Examining data/nlopt-2.7.0/src/algs/esch/esch.h
Examining data/nlopt-2.7.0/src/algs/isres/isres.c
Examining data/nlopt-2.7.0/src/algs/isres/isres.h
Examining data/nlopt-2.7.0/src/algs/luksan/luksan.h
Examining data/nlopt-2.7.0/src/algs/luksan/mssubs.c
Examining data/nlopt-2.7.0/src/algs/luksan/plip.c
Examining data/nlopt-2.7.0/src/algs/luksan/plis.c
Examining data/nlopt-2.7.0/src/algs/luksan/pnet.c
Examining data/nlopt-2.7.0/src/algs/luksan/pssubs.c
Examining data/nlopt-2.7.0/src/algs/mlsl/mlsl.c
Examining data/nlopt-2.7.0/src/algs/mlsl/mlsl.h
Examining data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c
Examining data/nlopt-2.7.0/src/algs/mma/mma.c
Examining data/nlopt-2.7.0/src/algs/mma/mma.h
Examining data/nlopt-2.7.0/src/algs/neldermead/neldermead.h
Examining data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c
Examining data/nlopt-2.7.0/src/algs/neldermead/sbplx.c
Examining data/nlopt-2.7.0/src/algs/newuoa/newuoa.c
Examining data/nlopt-2.7.0/src/algs/newuoa/newuoa.h
Examining data/nlopt-2.7.0/src/algs/praxis/praxis.c
Examining data/nlopt-2.7.0/src/algs/praxis/praxis.h
Examining data/nlopt-2.7.0/src/algs/slsqp/slsqp.c
Examining data/nlopt-2.7.0/src/algs/slsqp/slsqp.h
Examining data/nlopt-2.7.0/src/algs/stogo/global.cc
Examining data/nlopt-2.7.0/src/algs/stogo/global.h
Examining data/nlopt-2.7.0/src/algs/stogo/linalg.cc
Examining data/nlopt-2.7.0/src/algs/stogo/linalg.h
Examining data/nlopt-2.7.0/src/algs/stogo/local.cc
Examining data/nlopt-2.7.0/src/algs/stogo/local.h
Examining data/nlopt-2.7.0/src/algs/stogo/prog.cc
Examining data/nlopt-2.7.0/src/algs/stogo/rosen.h
Examining data/nlopt-2.7.0/src/algs/stogo/stogo.cc
Examining data/nlopt-2.7.0/src/algs/stogo/stogo.h
Examining data/nlopt-2.7.0/src/algs/stogo/stogo_config.h
Examining data/nlopt-2.7.0/src/algs/stogo/testfun.h
Examining data/nlopt-2.7.0/src/algs/stogo/testros.cc
Examining data/nlopt-2.7.0/src/algs/stogo/tools.cc
Examining data/nlopt-2.7.0/src/algs/stogo/tools.h
Examining data/nlopt-2.7.0/src/algs/stogo/tst.cc
Examining data/nlopt-2.7.0/src/algs/stogo/tstc.c
Examining data/nlopt-2.7.0/src/algs/subplex/subplex.c
Examining data/nlopt-2.7.0/src/algs/subplex/subplex.h
Examining data/nlopt-2.7.0/src/api/deprecated.c
Examining data/nlopt-2.7.0/src/api/f77api.c
Examining data/nlopt-2.7.0/src/api/f77funcs.h
Examining data/nlopt-2.7.0/src/api/f77funcs_.h
Examining data/nlopt-2.7.0/src/api/general.c
Examining data/nlopt-2.7.0/src/api/nlopt-in.hpp
Examining data/nlopt-2.7.0/src/api/nlopt-internal.h
Examining data/nlopt-2.7.0/src/api/nlopt.h
Examining data/nlopt-2.7.0/src/api/optimize.c
Examining data/nlopt-2.7.0/src/api/options.c
Examining data/nlopt-2.7.0/src/octave/dummy.c
Examining data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c
Examining data/nlopt-2.7.0/src/octave/nlopt_optimize-oct.cc
Examining data/nlopt-2.7.0/src/util/mt19937ar.c
Examining data/nlopt-2.7.0/src/util/mt19937ar_test.c
Examining data/nlopt-2.7.0/src/util/nlopt-getopt.c
Examining data/nlopt-2.7.0/src/util/nlopt-getopt.h
Examining data/nlopt-2.7.0/src/util/nlopt-util.h
Examining data/nlopt-2.7.0/src/util/qsort_r.c
Examining data/nlopt-2.7.0/src/util/redblack.c
Examining data/nlopt-2.7.0/src/util/redblack.h
Examining data/nlopt-2.7.0/src/util/redblack_test.c
Examining data/nlopt-2.7.0/src/util/rescale.c
Examining data/nlopt-2.7.0/src/util/soboldata.h
Examining data/nlopt-2.7.0/src/util/sobolseq.c
Examining data/nlopt-2.7.0/src/util/sobolseq_test.c
Examining data/nlopt-2.7.0/src/util/stop.c
Examining data/nlopt-2.7.0/src/util/timer.c
Examining data/nlopt-2.7.0/test/box.c
Examining data/nlopt-2.7.0/test/lorentzfit.c
Examining data/nlopt-2.7.0/test/t_tutorial.cxx
Examining data/nlopt-2.7.0/test/testfuncs.c
Examining data/nlopt-2.7.0/test/testfuncs.h
Examining data/nlopt-2.7.0/test/testopt.c
FINAL RESULTS:
data/nlopt-2.7.0/src/algs/direct/DIRsubrout.c:1510:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(logfile, *iepschange == 1
data/nlopt-2.7.0/src/algs/direct/DIRsubrout.c:1513:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(logfile, *algmethod == 0
data/nlopt-2.7.0/src/api/nlopt-internal.h:110:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 3)))
data/nlopt-2.7.0/src/octave/nlopt_optimize-oct.cc:167:42: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define CHECK1(cond, msg) if (!(cond)) { fprintf(stderr, msg "\n\n"); nlopt_destroy(opt); nlopt_destroy(local_opt); return NULL; }
data/nlopt-2.7.0/src/octave/nlopt_optimize-oct.cc:240:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define CHECK(cond, msg) if (!(cond)) { fprintf(stderr, msg "\n\n"); nlopt_destroy(opt); return retval; }
data/nlopt-2.7.0/src/util/nlopt-util.h:105:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 3)))
data/nlopt-2.7.0/src/util/stop.c:193:19: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
while ((ret = vsnprintf(p, len, format, ap)) < 0 || (size_t) ret >= len) {
data/nlopt-2.7.0/src/algs/crs/crs.h:40:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int random); /* random or low-discrepancy seq. */
data/nlopt-2.7.0/src/api/nlopt-in.hpp:537:15: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
inline void srand(unsigned long seed) { nlopt_srand(seed); }
data/nlopt-2.7.0/src/util/nlopt-getopt.c:19:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int nargc, char *const nargv[], const char *ostr)
data/nlopt-2.7.0/src/util/nlopt-getopt.h:43:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt nlopt_getopt
data/nlopt-2.7.0/src/util/nlopt-getopt.h:52:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt(int nargc, char *const nargv[], const char *ostr);
data/nlopt-2.7.0/src/util/redblack_test.c:63:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned) (argc > 2 ? atoi(argv[2]) : time(NULL)));
data/nlopt-2.7.0/test/testopt.c:324:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "hLvCc0:r:a:o:i:e:t:x:X:f:F:m:b:")) != -1)
data/nlopt-2.7.0/src/algs/ags/ags.cc:104:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, optPoint.y, n*sizeof(x[0]));
data/nlopt-2.7.0/src/algs/auglag/auglag.c:133:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/auglag/auglag.c:267:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cdirect/cdirect.c:140:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->xmin, x, sizeof(double) * p->n);
data/nlopt-2.7.0/src/algs/cdirect/cdirect.c:199:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew, rdiv, sizeof(double) * L);
data/nlopt-2.7.0/src/algs/cdirect/cdirect.c:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew, rdiv, sizeof(double) * L);
data/nlopt-2.7.0/src/algs/cdirect/hybrid.c:107:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->xmin, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cdirect/hybrid.c:186:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew, r, sizeof(double) * L);
data/nlopt-2.7.0/src/algs/cdirect/hybrid.c:192:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew+3, rnew+3+n, sizeof(double) * n); /* x = c */
data/nlopt-2.7.0/src/algs/cdirect/hybrid.c:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew, r, sizeof(double) * L);
data/nlopt-2.7.0/src/algs/cdirect/hybrid.c:215:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew+3, rnew+3+n, sizeof(double) * n); /* x = c */
data/nlopt-2.7.0/src/algs/cquad/cquad.c:163:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(X + inew * n, xnew, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:304:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(X + (iM++ * n), x0, n * sizeof(double));
data/nlopt-2.7.0/src/algs/cquad/cquad.c:315:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, x0, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:324:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x0, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:332:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(X + (iM++ * n), xcur, n * sizeof(double));
data/nlopt-2.7.0/src/algs/cquad/cquad.c:342:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:368:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:376:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (++k > 1) memcpy(xprevprev, xprev, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:377:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xprev, xcur, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:390:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/cquad/cquad.c:455:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/crs/crs.c:69:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, best->k + 1, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/crs/crs.c:153:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(worst->k, d->p, sizeof(double) * (n+1));
data/nlopt-2.7.0/src/algs/crs/crs.c:204:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->ps + 1, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/crs/crs.c:248:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, best->k + 1, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/crs/crs.c:261:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, best->k + 1, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/direct/tstc.c:28:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxits = argc < 2 ? 100 : atoi(argv[1]);
data/nlopt-2.7.0/src/algs/esch/esch.c:142:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(esparents[0].parameters, x, nparameters * sizeof(double));
data/nlopt-2.7.0/src/algs/esch/esch.c:171:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, esparents[id].parameters,
data/nlopt-2.7.0/src/algs/esch/esch.c:224:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, esoffsprings[id].parameters,
data/nlopt-2.7.0/src/algs/isres/isres.c:128:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xs, x, sizeof(double) * n); /* use input x for xs_0 */
data/nlopt-2.7.0/src/algs/isres/isres.c:188:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xs+k*n, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/isres/isres.c:253:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x0, xs, n * sizeof(double));
data/nlopt-2.7.0/src/algs/mlsl/mlsl.c:263:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, ((pt *) node->k)->x, sizeof(double) * d->n);
data/nlopt-2.7.0/src/algs/mlsl/mlsl.c:268:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, node->k + 1, sizeof(double) * d->n);
data/nlopt-2.7.0/src/algs/mlsl/mlsl.c:334:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->x, x, n * sizeof(double));
data/nlopt-2.7.0/src/algs/mlsl/mlsl.c:403:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lm+1, p->x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:339:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:383:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (++k > 1) memcpy(xprevprev, xprev, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:384:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xprev, xcur, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:480:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fcval, fcval_cur, sizeof(double)*m);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:481:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:482:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dfdx, dfdx_cur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/mma/ccsa_quadratic.c:483:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dfcdx, dfcdx_cur, sizeof(double)*n*m);
data/nlopt-2.7.0/src/algs/mma/mma.c:215:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/mma.c:259:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (++k > 1) memcpy(xprevprev, xprev, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/mma.c:260:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xprev, xcur, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/mma/mma.c:331:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fcval, fcval_cur, sizeof(double)*m);
data/nlopt-2.7.0/src/algs/mma/mma.c:332:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/mma/mma.c:333:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dfdx, dfdx_cur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/mma/mma.c:334:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dfcdx, dfcdx_cur, sizeof(double)*n*m);
data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c:83:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*minf = (fc); memcpy(x, (xc), n * sizeof(double)); \
data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c:133:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pts+1, x, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c:138:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pt+1, x, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c:242:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xh, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c:246:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xh, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/neldermead/nldrmd.c:257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xh, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/neldermead/sbplx.c:96:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xstep, xstep0, n * sizeof(double));
data/nlopt-2.7.0/src/algs/neldermead/sbplx.c:112:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xprev, x, n * sizeof(double));
data/nlopt-2.7.0/src/algs/praxis/praxis.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q_1.xbest, &x[1], n*sizeof(double));
data/nlopt-2.7.0/src/algs/praxis/praxis.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prev_xbest, &x[1], n*sizeof(double));
data/nlopt-2.7.0/src/algs/praxis/praxis.c:438:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prev_xbest, q_1.xbest, n * sizeof(double));
data/nlopt-2.7.0/src/algs/praxis/praxis.c:610:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x[1], q_1.xbest, n * sizeof(double));
data/nlopt-2.7.0/src/algs/praxis/praxis.c:1242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q_1->xbest, t, n * sizeof(double));
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:54:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dy, dx, sizeof(double) * ((unsigned) n));
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:2482:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xcur, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:2483:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xprev, x, sizeof(double) * n);
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:2602:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:2615:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xprev, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:2628:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xprev, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/slsqp/slsqp.c:2632:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, xcur, sizeof(double)*n);
data/nlopt-2.7.0/src/algs/stogo/prog.cc:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[STRLEN_MAX]; cin >> str;
data/nlopt-2.7.0/src/algs/stogo/tst.cc:47:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.maxeval = argc < 2 ? 100 : atoi(argv[1]);
data/nlopt-2.7.0/src/algs/stogo/tstc.c:35:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxits = argc < 2 ? 100 : atoi(argv[1]);
data/nlopt-2.7.0/src/algs/subplex/subplex.c:2082:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x_old[1], &x[1], sizeof(doublereal) * *n);
data/nlopt-2.7.0/src/api/f77api.c:51:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnew, p, sizeof(f77_func_data));
data/nlopt-2.7.0/src/api/general.c:37:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char nlopt_algorithm_names[NLOPT_NUM_ALGORITHMS][256] = {
data/nlopt-2.7.0/src/api/nlopt-in.hpp:174:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (n) std::memcpy(&xv[0], x, n * sizeof(double));
data/nlopt-2.7.0/src/api/nlopt-in.hpp:178:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(grad, &gradv[0], n * sizeof(double));
data/nlopt-2.7.0/src/api/options.c:173:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->x_weights, opt->x_weights, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:176:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->lb, opt->lb, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:177:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->ub, opt->ub, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:178:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->xtol_abs, opt->xtol_abs, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:187:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->fc, opt->fc, sizeof(nlopt_constraint) * (opt->m));
data/nlopt-2.7.0/src/api/options.c:200:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->fc[i].tol, opt->fc[i].tol, sizeof(double) * nopt->fc[i].m);
data/nlopt-2.7.0/src/api/options.c:210:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->h, opt->h, sizeof(nlopt_constraint) * (opt->p));
data/nlopt-2.7.0/src/api/options.c:223:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->h[i].tol, opt->h[i].tol, sizeof(double) * nopt->h[i].m);
data/nlopt-2.7.0/src/api/options.c:235:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->params[i].name, opt->params[i].name, len);
data/nlopt-2.7.0/src/api/options.c:250:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nopt->dx, opt->dx, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:284:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->params[i].name, name, len);
data/nlopt-2.7.0/src/api/options.c:374:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->lb, lb, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:416:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lb, opt->lb, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:428:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->ub, ub, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:470:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ub, opt->ub, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:521:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tolcopy, tol, sizeof(double) * fm);
data/nlopt-2.7.0/src/api/options.c:694:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->xtol_abs, xtol_abs, opt->n * sizeof(double));
data/nlopt-2.7.0/src/api/options.c:716:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xtol_abs, opt->xtol_abs, opt->n * sizeof(double));
data/nlopt-2.7.0/src/api/options.c:734:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (opt->n > 0) memcpy(opt->x_weights, x_weights, opt->n * sizeof(double));
data/nlopt-2.7.0/src/api/options.c:763:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x_weights, opt->x_weights, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:868:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->dx, dx, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:884:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dx, o->dx, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/api/options.c:888:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dx, opt->dx, sizeof(double) * (opt->n));
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:81:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[FLEN];
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mxGetPr(d->prhs[d->xrhs]), x, n * sizeof(double));
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:114:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gradient, mxGetPr(d->plhs[1]), n * sizeof(double));
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mxGetPr(d->prhs[d->xrhs]), x, n * sizeof(double));
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mxGetPr(d->prhs[d->xrhs + 1]), v, n * sizeof(double));
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vpre, mxGetPr(d->plhs[0]), n * sizeof(double));
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:243:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(d.f, "feval");
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:260:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dpre.f, "feval");
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:305:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dfc[j].f, "feval");
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:342:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dh[j].f, "feval");
data/nlopt-2.7.0/src/octave/nlopt_optimize-mex.c:360:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, x0, sizeof(double) * n);
data/nlopt-2.7.0/src/util/redblack_test.c:59:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/nlopt-2.7.0/src/util/redblack_test.c:63:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srand((unsigned) (argc > 2 ? atoi(argv[2]) : time(NULL)));
data/nlopt-2.7.0/src/util/sobolseq_test.c:54:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sdim = atoi(argv[1]);
data/nlopt-2.7.0/src/util/sobolseq_test.c:56:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(argv[2]);
data/nlopt-2.7.0/test/testopt.c:155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lb, func.lb, func.n * sizeof(double));
data/nlopt-2.7.0/test/testopt.c:156:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ub, func.ub, func.n * sizeof(double));
data/nlopt-2.7.0/test/testopt.c:340:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nlopt_srand((unsigned long) atoi(optarg));
data/nlopt-2.7.0/test/testopt.c:343:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c = atoi(optarg);
data/nlopt-2.7.0/test/testopt.c:352:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!test_function(atoi(optarg)))
data/nlopt-2.7.0/test/testopt.c:356:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxeval = atoi(optarg);
data/nlopt-2.7.0/test/testopt.c:359:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iterations = atoi(optarg);
data/nlopt-2.7.0/test/testopt.c:389:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int b = atoi(s);
data/nlopt-2.7.0/src/api/options.c:232:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(opt->params[i].name) + 1;
data/nlopt-2.7.0/src/util/stop.c:185:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(format) + 128;
ANALYSIS SUMMARY:
Hits = 142
Lines analyzed = 39456 in approximately 1.51 seconds (26140 lines/second)
Physical Source Lines of Code (SLOC) = 27519
Hits@level = [0] 223 [1] 2 [2] 126 [3] 7 [4] 7 [5] 0
Hits@level+ = [0+] 365 [1+] 142 [2+] 140 [3+] 14 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 13.2636 [1+] 5.16007 [2+] 5.08739 [3+] 0.508739 [4+] 0.25437 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.