Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/polylib-5.22.5/include/polylib/eval_ehrhart.h
Examining data/polylib-5.22.5/include/polylib/polylib32.h
Examining data/polylib-5.22.5/include/polylib/errormsg.h
Examining data/polylib-5.22.5/include/polylib/Zpolyhedron.h
Examining data/polylib-5.22.5/include/polylib/arithmetique.h
Examining data/polylib-5.22.5/include/polylib/ranking.h
Examining data/polylib-5.22.5/include/polylib/polylib.h
Examining data/polylib-5.22.5/include/polylib/polylib64.h
Examining data/polylib-5.22.5/include/polylib/ext_ehrhart.h
Examining data/polylib-5.22.5/include/polylib/alpha.h
Examining data/polylib-5.22.5/include/polylib/Lattice.h
Examining data/polylib-5.22.5/include/polylib/vector.h
Examining data/polylib-5.22.5/include/polylib/param.h
Examining data/polylib-5.22.5/include/polylib/matrix_permutations.h
Examining data/polylib-5.22.5/include/polylib/matrix_addon.h
Examining data/polylib-5.22.5/include/polylib/NormalForms.h
Examining data/polylib-5.22.5/include/polylib/arithmetic_errors.h
Examining data/polylib-5.22.5/include/polylib/homogenization.h
Examining data/polylib-5.22.5/include/polylib/compress_parms.h
Examining data/polylib-5.22.5/include/polylib/polyhedron.h
Examining data/polylib-5.22.5/include/polylib/matrix.h
Examining data/polylib-5.22.5/include/polylib/polylibgmp.h
Examining data/polylib-5.22.5/include/polylib/types.h
Examining data/polylib-5.22.5/include/polylib/Matop.h
Examining data/polylib-5.22.5/include/polylib/ehrhart.h
Examining data/polylib-5.22.5/include/polylib/polyparam.h
Examining data/polylib-5.22.5/include/polylib/SolveDio.h
Examining data/polylib-5.22.5/source/oldpolytest.c
Examining data/polylib-5.22.5/source/count.c
Examining data/polylib-5.22.5/source/kernel/Zpolyhedron.c
Examining data/polylib-5.22.5/source/kernel/matrix_addon.c
Examining data/polylib-5.22.5/source/kernel/Lattice.c
Examining data/polylib-5.22.5/source/kernel/NormalForms.c
Examining data/polylib-5.22.5/source/kernel/errormsg.c
Examining data/polylib-5.22.5/source/kernel/polyhedron.c
Examining data/polylib-5.22.5/source/kernel/SolveDio.c
Examining data/polylib-5.22.5/source/kernel/vector.c
Examining data/polylib-5.22.5/source/kernel/Matop.c
Examining data/polylib-5.22.5/source/kernel/alpha.c
Examining data/polylib-5.22.5/source/kernel/matrix.c
Examining data/polylib-5.22.5/source/kernel/param.c
Examining data/polylib-5.22.5/source/kernel/compress_parms.c
Examining data/polylib-5.22.5/source/kernel/polyparam.c
Examining data/polylib-5.22.5/source/kernel/matrix_permutations.c
Examining data/polylib-5.22.5/source/ehrhart/homogenization.c
Examining data/polylib-5.22.5/source/ehrhart/ranking.c
Examining data/polylib-5.22.5/source/ehrhart/eval_ehrhart.c
Examining data/polylib-5.22.5/source/ehrhart/ext_ehrhart.c
Examining data/polylib-5.22.5/source/ehrhart/ehrhart.c
Examining data/polylib-5.22.5/source/arith/arithmetique.h
Examining data/polylib-5.22.5/source/arith/errors.c
Examining data/polylib-5.22.5/source/arith/arithmetic_errors.h
Examining data/polylib-5.22.5/source/arith/assert.h
Examining data/polylib-5.22.5/applications/disjoint_union_adj.c
Examining data/polylib-5.22.5/applications/ehrhart_ranking.c
Examining data/polylib-5.22.5/applications/ehrhart_lower_bound.c
Examining data/polylib-5.22.5/applications/pp.c
Examining data/polylib-5.22.5/applications/ehrhart_quick_apx.c
Examining data/polylib-5.22.5/applications/polytest.c
Examining data/polylib-5.22.5/applications/findv.c
Examining data/polylib-5.22.5/applications/testCompressParms.c
Examining data/polylib-5.22.5/applications/ehrhart_upper_bound.c
Examining data/polylib-5.22.5/applications/ehrhart_union.c
Examining data/polylib-5.22.5/applications/Zpolytest.c
Examining data/polylib-5.22.5/applications/example.c
Examining data/polylib-5.22.5/applications/disjoint_union_sep.c
Examining data/polylib-5.22.5/applications/c2p.c
Examining data/polylib-5.22.5/applications/r2p.c
Examining data/polylib-5.22.5/applications/testlib.c
Examining data/polylib-5.22.5/applications/testehrhart.c
Examining data/polylib-5.22.5/applications/verif_ehrhart.c
Examining data/polylib-5.22.5/mp_get_memory_functions.c

FINAL RESULTS:

data/polylib-5.22.5/applications/ehrhart_lower_bound.c:81:2:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/applications/ehrhart_quick_apx.c:76:2:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/applications/ehrhart_ranking.c:84:2:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/applications/ehrhart_union.c:99:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pp[i], param);

data/polylib-5.22.5/applications/ehrhart_union.c:185:21:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/applications/ehrhart_upper_bound.c:81:2:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/applications/testCompressParms.c:37:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(#a" tested ok.\n"); \

data/polylib-5.22.5/applications/testCompressParms.c:40:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(#a" NOT OK\n"); \

data/polylib-5.22.5/applications/testehrhart.c:211:21:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/include/polylib/arithmetique.h:309:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf((Dst),(fmt),strm.str().c_str()); \

data/polylib-5.22.5/include/polylib/arithmetique.h:384:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf((Dst),(fmt),str); \

data/polylib-5.22.5/include/polylib/arithmetique.h:463:37:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  #define value_read(val,str) (sscanf((str),VALUE_FMT,&(val)))

data/polylib-5.22.5/include/polylib/arithmetique.h:464:37:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define value_print(Dst,fmt,val) (fprintf((Dst),(fmt),(val)))

data/polylib-5.22.5/include/polylib/matrix_addon.h:32:26:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define show_matrix(M) { printf(#M"= \n"); \

data/polylib-5.22.5/source/arith/arithmetique.h:309:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf((Dst),(fmt),strm.str().c_str()); \

data/polylib-5.22.5/source/arith/arithmetique.h:384:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf((Dst),(fmt),str); \

data/polylib-5.22.5/source/arith/arithmetique.h:463:37:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  #define value_read(val,str) (sscanf((str),VALUE_FMT,&(val)))

data/polylib-5.22.5/source/arith/arithmetique.h:464:37:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define value_print(Dst,fmt,val) (fprintf((Dst),(fmt),(val)))

data/polylib-5.22.5/source/count.c:99:7:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf(" %s", str);

data/polylib-5.22.5/source/kernel/compress_parms.c:42:44:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(#a); \

data/polylib-5.22.5/source/kernel/compress_parms.c:46:42:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(#a); \

data/polylib-5.22.5/source/kernel/matrix.c:189:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(c,"%s%n",str,&n) == 0) {

data/polylib-5.22.5/source/kernel/param.c:67:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(param_name[i],param);

data/polylib-5.22.5/source/kernel/polyparam.c:1729:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(DST,(value_notzero_p(D->Constraint[l][0])) ?" >= 0":" = 0");

data/polylib-5.22.5/source/kernel/vector.c:231:5:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",str);

data/polylib-5.22.5/applications/testCompressParms.c:337:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(nbSamples);

data/polylib-5.22.5/applications/testehrhart.c:41:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define getopt_long(a,b,c,d,e) getopt(a,b,c)

data/polylib-5.22.5/applications/testehrhart.c:41:32:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define getopt_long(a,b,c,d,e) getopt(a,b,c)

data/polylib-5.22.5/applications/testehrhart.c:146:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, "h", options, &ind)) != -1) {

data/polylib-5.22.5/applications/Zpolytest.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];

data/polylib-5.22.5/applications/ehrhart_union.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1025], param[1025];

data/polylib-5.22.5/applications/ehrhart_union.c:149:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Value *pmin, *pmax, *p; int i, k; char str[256], *s;

data/polylib-5.22.5/applications/polytest.c:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];

data/polylib-5.22.5/applications/testehrhart.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[1024];

data/polylib-5.22.5/applications/verif_ehrhart.c:204:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m = atoi(&argv[i][2]);

data/polylib-5.22.5/applications/verif_ehrhart.c:209:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  M = atoi(&argv[i][2]);

data/polylib-5.22.5/applications/verif_ehrhart.c:214:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  M = atoi(&argv[i][2]);

data/polylib-5.22.5/source/count.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[1024];

data/polylib-5.22.5/source/ehrhart/ehrhart.c:333:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e,&p->arr[0],sizeof(evalue));

data/polylib-5.22.5/source/ehrhart/ehrhart.c:352:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e,&p->arr[0],sizeof(evalue));

data/polylib-5.22.5/source/ehrhart/homogenization.c:63:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ep, w, sizeof(evalue));

data/polylib-5.22.5/source/kernel/Lattice.c:80:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug","a");

data/polylib-5.22.5/source/kernel/Lattice.c:102:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen ("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:124:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:151:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen ("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:183:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen ("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:230:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:318:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug","a");

data/polylib-5.22.5/source/kernel/Lattice.c:347:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:379:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:485:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:576:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:822:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:1003:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:1132:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:1176:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Lattice.c:1245:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen ("_debug", "a");

data/polylib-5.22.5/source/kernel/SolveDio.c:91:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:272:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen ("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:313:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug","a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:342:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp1 = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:380:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:402:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:440:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:492:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen ("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:520:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:555:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug","a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:601:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:677:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:727:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug","a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:771:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:862:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug","a");

data/polylib-5.22.5/source/kernel/Zpolyhedron.c:985:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("_debug", "a");

data/polylib-5.22.5/source/kernel/matrix.c:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *c, s[1024],str[1024];

data/polylib-5.22.5/source/kernel/matrix.c:207:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024];

data/polylib-5.22.5/source/kernel/param.c:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024],param[32];

data/polylib-5.22.5/source/kernel/param.c:75:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(param_name[i], "%c", PCHAR+i+1);

data/polylib-5.22.5/source/kernel/param.c:84:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  free((char *)params[m]);

data/polylib-5.22.5/source/kernel/polyhedron.c:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((t), (char *)(a), (int)(l));\

data/polylib-5.22.5/source/kernel/polyhedron.c:75:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(a), (char *)(b), (int)(l));\

data/polylib-5.22.5/source/kernel/polyhedron.c:76:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(b), (t), (int)(l));\

data/polylib-5.22.5/source/kernel/polyhedron.c:200:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(p2), (char *)(p1), (int)((length)*sizeof(int)))

data/polylib-5.22.5/source/kernel/vector.c:118:16:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  Value acopy, bcopy;

data/polylib-5.22.5/source/kernel/vector.c:121:14:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  value_init(bcopy);

data/polylib-5.22.5/source/kernel/vector.c:123:16:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  value_assign(bcopy,b);

data/polylib-5.22.5/source/kernel/vector.c:125:27:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  value_modulus(*result,bcopy,acopy);

data/polylib-5.22.5/source/kernel/vector.c:126:18:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  value_assign(bcopy,acopy);

data/polylib-5.22.5/source/kernel/vector.c:129:26:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  value_absolute(*result,bcopy);

data/polylib-5.22.5/source/kernel/vector.c:131:15:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  value_clear(bcopy);

data/polylib-5.22.5/source/kernel/vector.c:220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[1024];

data/polylib-5.22.5/source/oldpolytest.c:459:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];

data/polylib-5.22.5/include/polylib/arithmetique.h:386:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*gmp_free) (str, strlen(str)+1); \

data/polylib-5.22.5/source/arith/arithmetique.h:386:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*gmp_free) (str, strlen(str)+1); \

ANALYSIS SUMMARY:

Hits = 93
Lines analyzed = 27034 in approximately 0.81 seconds (33342 lines/second)
Physical Source Lines of Code (SLOC) = 16949
Hits@level = [0] 740 [1]   2 [2]  62 [3]   4 [4]  25 [5]   0
Hits@level+ = [0+] 833 [1+]  93 [2+]  91 [3+]  29 [4+]  25 [5+]   0
Hits/KSLOC@level+ = [0+] 49.1474 [1+] 5.48705 [2+] 5.36905 [3+] 1.71102 [4+] 1.47501 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.