Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocaml-mccs-1.1+11/src/abstract_combiner.h
Examining data/ocaml-mccs-1.1+11/src/abstract_criteria.h
Examining data/ocaml-mccs-1.1+11/src/abstract_solver.h
Examining data/ocaml-mccs-1.1+11/src/changed_criteria.cpp
Examining data/ocaml-mccs-1.1+11/src/changed_criteria.h
Examining data/ocaml-mccs-1.1+11/src/combiner.h
Examining data/ocaml-mccs-1.1+11/src/constraint_generation.cpp
Examining data/ocaml-mccs-1.1+11/src/constraint_generation.h
Examining data/ocaml-mccs-1.1+11/src/count_criteria.cpp
Examining data/ocaml-mccs-1.1+11/src/count_criteria.h
Examining data/ocaml-mccs-1.1+11/src/criteria.h
Examining data/ocaml-mccs-1.1+11/src/cudf.h
Examining data/ocaml-mccs-1.1+11/src/cudf_reductions.cpp
Examining data/ocaml-mccs-1.1+11/src/cudf_reductions.h
Examining data/ocaml-mccs-1.1+11/src/cudf_tools.cpp
Examining data/ocaml-mccs-1.1+11/src/cudf_types.h
Examining data/ocaml-mccs-1.1+11/src/glpk_solver.cpp
Examining data/ocaml-mccs-1.1+11/src/glpk_solver.h
Examining data/ocaml-mccs-1.1+11/src/lexagregate_combiner.cpp
Examining data/ocaml-mccs-1.1+11/src/lexagregate_combiner.h
Examining data/ocaml-mccs-1.1+11/src/lp_solver.h
Examining data/ocaml-mccs-1.1+11/src/mccs_stubs.cpp
Examining data/ocaml-mccs-1.1+11/src/mccscudf.cpp
Examining data/ocaml-mccs-1.1+11/src/mccscudf.h
Examining data/ocaml-mccs-1.1+11/src/new_criteria.cpp
Examining data/ocaml-mccs-1.1+11/src/new_criteria.h
Examining data/ocaml-mccs-1.1+11/src/notuptodate_criteria.cpp
Examining data/ocaml-mccs-1.1+11/src/notuptodate_criteria.h
Examining data/ocaml-mccs-1.1+11/src/osi_solver.h
Examining data/ocaml-mccs-1.1+11/src/removed_criteria.cpp
Examining data/ocaml-mccs-1.1+11/src/removed_criteria.h
Examining data/ocaml-mccs-1.1+11/src/scoeff_solver.h
Examining data/ocaml-mccs-1.1+11/src/lp_solver.cpp
Parsing failed to find end of parameter list; semicolon terminated it in (command, "cat %s >> %s && %s %s > %s 2> nul",
#else
sprintf(command, "cat %s >> %s; %s %s > %s 2> /dev/null",
#endif
ctlpfilename, lpfilename, lpsolver, lpfilename, lpoutfilename)
FINAL RESULTS:
data/ocaml-mccs-1.1+11/src/cudf.h:32:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT_ERR(...) fprintf(stderr, __VA_ARGS__)
data/ocaml-mccs-1.1+11/src/cudf.h:33:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT_OUT(...) fprintf(stdout, __VA_ARGS__)
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:89:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char *)versioned_name, "%s_%s", name, temp);
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:278:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_nvalue, the_value);
data/ocaml-mccs-1.1+11/src/glpk_solver.cpp:211:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:72:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctlpfilename, "%sctlp_%lu_%lu.lp", TMP_FILES_PATH, uid, pid);
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:99:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lpfilename, "%slppbs_%lu_%lu.lp", TMP_FILES_PATH, uid, pid);
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:100:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lpoutfilename, "%slppbs_%lu_%lu.out", TMP_FILES_PATH, uid, pid);
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:138:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s && %s %s > %s 2> nul",
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:140:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s; %s %s > %s 2> /dev/null",
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:144:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "cat %s >> %s && %s %s | tee %s",
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:147:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) == -1) {
data/ocaml-mccs-1.1+11/src/mccs_stubs.cpp:682:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(criteria, String_val(ml_criteria));
data/ocaml-mccs-1.1+11/src/osi_solver.h:272:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, buffer);
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:82:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[50];
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:84:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "%" CUDFint64"u", pkg_version);
data/ocaml-mccs-1.1+11/src/glpk_solver.cpp:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/ocaml-mccs-1.1+11/src/glpk_solver.cpp:206:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "x%d", i);
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp_files_path[MAX_PATH+1];
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:73:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctlpfile = fopen(ctlpfilename, "w");
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:105:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lpfile = fopen(lpfilename, "w")) == (FILE *)NULL) {
data/ocaml-mccs-1.1+11/src/lp_solver.cpp:152:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fsol = fopen(lpoutfilename, "r")) == (FILE *)NULL) {
data/ocaml-mccs-1.1+11/src/lp_solver.h:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctlpfilename[256];
data/ocaml-mccs-1.1+11/src/lp_solver.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpfilename[256];
data/ocaml-mccs-1.1+11/src/lp_solver.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpoutfilename[256];
data/ocaml-mccs-1.1+11/src/osi_solver.h:266:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:85:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((versioned_name = (const char *)malloc(strlen(name)+strlen(temp)+2)) == NULL) {
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:85:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((versioned_name = (const char *)malloc(strlen(name)+strlen(temp)+2)) == NULL) {
data/ocaml-mccs-1.1+11/src/cudf_tools.cpp:274:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *the_nvalue = (char *)malloc(strlen(the_value)+1);
data/ocaml-mccs-1.1+11/src/glpk_solver.cpp:207:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
data/ocaml-mccs-1.1+11/src/mccs_stubs.cpp:678:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* criteria = new char[strlen(String_val(ml_criteria))+3];
data/ocaml-mccs-1.1+11/src/mccs_stubs.cpp:681:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(criteria, "[");
data/ocaml-mccs-1.1+11/src/mccs_stubs.cpp:683:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(criteria, "]");
data/ocaml-mccs-1.1+11/src/mccscudf.cpp:58:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (; pos < strlen(crit_descr); pos++)
data/ocaml-mccs-1.1+11/src/mccscudf.cpp:153:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(property, crit_descr+start, length);
data/ocaml-mccs-1.1+11/src/mccscudf.cpp:165:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ref);
data/ocaml-mccs-1.1+11/src/mccscudf.cpp:187:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(property, crit_descr+start, length);
data/ocaml-mccs-1.1+11/src/mccscudf.cpp:222:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos += 1; pos < strlen(crit_descr) && crit_descr[pos] != ']';) {
data/ocaml-mccs-1.1+11/src/mccscudf.cpp:240:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (; pos < strlen(crit_descr); pos++) {
data/ocaml-mccs-1.1+11/src/osi_solver.h:268:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name = (char *)malloc(strlen(buffer)+1)) == (char *)NULL) {
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 5675 in approximately 0.16 seconds (36183 lines/second)
Physical Source Lines of Code (SLOC) = 3870
Hits@level = [0] 50 [1] 14 [2] 13 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 91 [1+] 41 [2+] 27 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 23.5142 [1+] 10.5943 [2+] 6.97674 [3+] 3.61757 [4+] 3.61757 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.