stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocamlcreal-0.7/mlgmp/conversions.c
Examining data/ocamlcreal-0.7/mlgmp/mlgmp_misc.c
Examining data/ocamlcreal-0.7/mlgmp/mlgmp_q.c
Examining data/ocamlcreal-0.7/mlgmp/mlgmp_z.c
Examining data/ocamlcreal-0.7/mlgmp/config.h
Examining data/ocamlcreal-0.7/mlgmp/mlgmp.h

FINAL RESULTS:

data/ocamlcreal-0.7/mlgmp/mlgmp_misc.c:21:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(String_val(r), gmp_version);
data/ocamlcreal-0.7/mlgmp/mlgmp_z.c:125:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(String_val(r), s);
data/ocamlcreal-0.7/mlgmp/mlgmp_misc.c:20:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = alloc_string(strlen(gmp_version));
data/ocamlcreal-0.7/mlgmp/mlgmp_q.c:197:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/ocamlcreal-0.7/mlgmp/mlgmp_q.c:203:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/ocamlcreal-0.7/mlgmp/mlgmp_z.c:124:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r=alloc_string(strlen(s));
data/ocamlcreal-0.7/mlgmp/mlgmp_z.c:766:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 1317 in approximately 0.06 seconds (22380 lines/second)
Physical Source Lines of Code (SLOC) = 1068
Hits@level = [0]   1 [1]   5 [2]   0 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]   8 [1+]   7 [2+]   2 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 7.49064 [1+] 6.55431 [2+] 1.87266 [3+] 1.87266 [4+] 1.87266 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.