Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/primesieve-7.5+ds/examples/c/count_primes.c
Examining data/primesieve-7.5+ds/examples/c/nth_prime.c
Examining data/primesieve-7.5+ds/examples/c/prev_prime.c
Examining data/primesieve-7.5+ds/examples/c/primesieve_iterator.c
Examining data/primesieve-7.5+ds/examples/c/store_primes_in_array.c
Examining data/primesieve-7.5+ds/examples/cpp/count_primes.cpp
Examining data/primesieve-7.5+ds/examples/cpp/nth_prime.cpp
Examining data/primesieve-7.5+ds/examples/cpp/prev_prime.cpp
Examining data/primesieve-7.5+ds/examples/cpp/primesieve_iterator.cpp
Examining data/primesieve-7.5+ds/examples/cpp/store_primes_in_vector.cpp
Examining data/primesieve-7.5+ds/include/primesieve.h
Examining data/primesieve-7.5+ds/include/primesieve.hpp
Examining data/primesieve-7.5+ds/include/primesieve/Bucket.hpp
Examining data/primesieve-7.5+ds/include/primesieve/CpuInfo.hpp
Examining data/primesieve-7.5+ds/include/primesieve/Erat.hpp
Examining data/primesieve-7.5+ds/include/primesieve/EratBig.hpp
Examining data/primesieve-7.5+ds/include/primesieve/EratMedium.hpp
Examining data/primesieve-7.5+ds/include/primesieve/EratSmall.hpp
Examining data/primesieve-7.5+ds/include/primesieve/IteratorHelper.hpp
Examining data/primesieve-7.5+ds/include/primesieve/MemoryPool.hpp
Examining data/primesieve-7.5+ds/include/primesieve/ParallelSieve.hpp
Examining data/primesieve-7.5+ds/include/primesieve/PreSieve.hpp
Examining data/primesieve-7.5+ds/include/primesieve/PrimeGenerator.hpp
Examining data/primesieve-7.5+ds/include/primesieve/PrimeSieve.hpp
Examining data/primesieve-7.5+ds/include/primesieve/PrintPrimes.hpp
Examining data/primesieve-7.5+ds/include/primesieve/SievingPrimes.hpp
Examining data/primesieve-7.5+ds/include/primesieve/StorePrimes.hpp
Examining data/primesieve-7.5+ds/include/primesieve/Wheel.hpp
Examining data/primesieve-7.5+ds/include/primesieve/bits.hpp
Examining data/primesieve-7.5+ds/include/primesieve/calculator.hpp
Examining data/primesieve-7.5+ds/include/primesieve/config.hpp
Examining data/primesieve-7.5+ds/include/primesieve/forward.hpp
Examining data/primesieve-7.5+ds/include/primesieve/iterator.h
Examining data/primesieve-7.5+ds/include/primesieve/iterator.hpp
Examining data/primesieve-7.5+ds/include/primesieve/littleendian_cast.hpp
Examining data/primesieve-7.5+ds/include/primesieve/malloc_vector.hpp
Examining data/primesieve-7.5+ds/include/primesieve/noinline.hpp
Examining data/primesieve-7.5+ds/include/primesieve/pmath.hpp
Examining data/primesieve-7.5+ds/include/primesieve/primesieve_error.hpp
Examining data/primesieve-7.5+ds/src/CpuInfo.cpp
Examining data/primesieve-7.5+ds/src/Erat.cpp
Examining data/primesieve-7.5+ds/src/EratBig.cpp
Examining data/primesieve-7.5+ds/src/EratMedium.cpp
Examining data/primesieve-7.5+ds/src/EratSmall.cpp
Examining data/primesieve-7.5+ds/src/IteratorHelper.cpp
Examining data/primesieve-7.5+ds/src/LookupTables.cpp
Examining data/primesieve-7.5+ds/src/MemoryPool.cpp
Examining data/primesieve-7.5+ds/src/ParallelSieve.cpp
Examining data/primesieve-7.5+ds/src/PreSieve.cpp
Examining data/primesieve-7.5+ds/src/PrimeGenerator.cpp
Examining data/primesieve-7.5+ds/src/PrimeSieve.cpp
Examining data/primesieve-7.5+ds/src/PrintPrimes.cpp
Examining data/primesieve-7.5+ds/src/SievingPrimes.cpp
Examining data/primesieve-7.5+ds/src/api-c.cpp
Examining data/primesieve-7.5+ds/src/api.cpp
Examining data/primesieve-7.5+ds/src/console/cmdoptions.cpp
Examining data/primesieve-7.5+ds/src/console/cmdoptions.hpp
Examining data/primesieve-7.5+ds/src/console/help.cpp
Examining data/primesieve-7.5+ds/src/console/main.cpp
Examining data/primesieve-7.5+ds/src/console/test.cpp
Examining data/primesieve-7.5+ds/src/gui/src/PrimeSieveGUI.cpp
Examining data/primesieve-7.5+ds/src/gui/src/PrimeSieveGUI.hpp
Examining data/primesieve-7.5+ds/src/gui/src/PrimeSieveGUI_menu.cpp
Examining data/primesieve-7.5+ds/src/gui/src/PrimeSieveProcess.cpp
Examining data/primesieve-7.5+ds/src/gui/src/PrimeSieveProcess.hpp
Examining data/primesieve-7.5+ds/src/gui/src/main.cpp
Examining data/primesieve-7.5+ds/src/iterator-c.cpp
Examining data/primesieve-7.5+ds/src/iterator.cpp
Examining data/primesieve-7.5+ds/src/nthPrime.cpp
Examining data/primesieve-7.5+ds/src/popcount.cpp
Examining data/primesieve-7.5+ds/test/calculator.cpp
Examining data/primesieve-7.5+ds/test/count_primes1.cpp
Examining data/primesieve-7.5+ds/test/count_primes2.cpp
Examining data/primesieve-7.5+ds/test/count_primes3.cpp
Examining data/primesieve-7.5+ds/test/count_quadruplets.cpp
Examining data/primesieve-7.5+ds/test/count_quintuplets.cpp
Examining data/primesieve-7.5+ds/test/count_sextuplets.cpp
Examining data/primesieve-7.5+ds/test/count_triplets.cpp
Examining data/primesieve-7.5+ds/test/count_twins.cpp
Examining data/primesieve-7.5+ds/test/cpu_info.cpp
Examining data/primesieve-7.5+ds/test/floorPow2.cpp
Examining data/primesieve-7.5+ds/test/generate_n_primes1.cpp
Examining data/primesieve-7.5+ds/test/generate_n_primes2.c
Examining data/primesieve-7.5+ds/test/generate_primes1.cpp
Examining data/primesieve-7.5+ds/test/generate_primes2.c
Examining data/primesieve-7.5+ds/test/ilog2.cpp
Examining data/primesieve-7.5+ds/test/isqrt.cpp
Examining data/primesieve-7.5+ds/test/isqrt_constexpr.cpp
Examining data/primesieve-7.5+ds/test/move_primesieve_iterator.cpp
Examining data/primesieve-7.5+ds/test/next_prime1.cpp
Examining data/primesieve-7.5+ds/test/next_prime2.c
Examining data/primesieve-7.5+ds/test/nth_prime1.cpp
Examining data/primesieve-7.5+ds/test/nth_prime2.cpp
Examining data/primesieve-7.5+ds/test/nth_prime3.cpp
Examining data/primesieve-7.5+ds/test/number_of_bits.cpp
Examining data/primesieve-7.5+ds/test/prev_prime1.cpp
Examining data/primesieve-7.5+ds/test/prev_prime2.c

FINAL RESULTS:

data/primesieve-7.5+ds/test/generate_n_primes2.c:72:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("primes[%zu] = %" PRIu64, i, primes[i]);
data/primesieve-7.5+ds/test/generate_n_primes2.c:82:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("primes[%zu] = %" PRIu64, i, primes[i]);
data/primesieve-7.5+ds/test/generate_primes2.c:73:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("primes[%zu] = %" PRIu64, i, primes[i]);
data/primesieve-7.5+ds/test/generate_primes2.c:84:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("primes[%zu] = %" PRIu64, i, primes[i]);
data/primesieve-7.5+ds/test/next_prime2.c:46:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("next_prime(%" PRIu64 ") = %" PRIu64, primes[i] - 1, prime);
data/primesieve-7.5+ds/test/next_prime2.c:51:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("next_prime(%" PRIu64 ") = %" PRIu64, primes[i], prime);
data/primesieve-7.5+ds/test/next_prime2.c:61:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("Sum of the primes below 10^9 = %" PRIu64, sum);
data/primesieve-7.5+ds/test/next_prime2.c:74:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("prev_prime(%" PRIu64 ") = %" PRIu64, old, prime);
data/primesieve-7.5+ds/test/next_prime2.c:80:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("next_prime(18446744073709551556) = %" PRIu64, prime);
data/primesieve-7.5+ds/test/next_prime2.c:87:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("next_prime(%" PRIu64 ") = %" PRIu64, old, prime);
data/primesieve-7.5+ds/test/prev_prime2.c:45:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("prev_prime(%" PRIu64 ") = %" PRIu64, primes[i] + 1, prime);
data/primesieve-7.5+ds/test/prev_prime2.c:50:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("prev_prime(%" PRIu64 ") = %" PRIu64, primes[i], prime);
data/primesieve-7.5+ds/test/prev_prime2.c:60:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("Sum of the primes below 10^8 = %" PRIu64, sum);
data/primesieve-7.5+ds/test/prev_prime2.c:66:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("prev_prime(0) = %" PRIu64, prime);
data/primesieve-7.5+ds/test/prev_prime2.c:74:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("next_prime(%" PRIu64 ") = %" PRIu64, old, prime);
data/primesieve-7.5+ds/test/prev_prime2.c:85:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("prev_prime(%" PRIu64 ") = %" PRIu64, p1, prime);
data/primesieve-7.5+ds/test/prev_prime2.c:94:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("next_prime(%" PRIu64 ") = %" PRIu64, old, prime);
data/primesieve-7.5+ds/examples/c/nth_prime.c:14:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    n = atol(argv[1]);
data/primesieve-7.5+ds/examples/cpp/nth_prime.cpp:14:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    n = std::atol(argv[1]);
data/primesieve-7.5+ds/include/primesieve/littleendian_cast.hpp:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char c[sizeof(int)];
data/primesieve-7.5+ds/src/gui/src/PrimeSieveGUI.cpp:324:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (error_log.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text)) {
data/primesieve-7.5+ds/src/gui/src/PrimeSieveGUI_menu.cpp:137:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QFile::WriteOnly | QFile::Text)) {

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 11971 in approximately 0.29 seconds (41079 lines/second)
Physical Source Lines of Code (SLOC) = 8053
Hits@level = [0] 25 [1] 0 [2] 5 [3] 0 [4] 17 [5] 0
Hits@level+ = [0+] 47 [1+] 22 [2+] 22 [3+] 17 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 5.83633 [1+] 2.7319 [2+] 2.7319 [3+] 2.11101 [4+] 2.11101 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.