Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-desolve-1.28/src/ex_SCOC.c
Examining data/r-cran-desolve-1.28/src/R_init_deSolve.c
Examining data/r-cran-desolve-1.28/src/call_daspk.c
Examining data/r-cran-desolve-1.28/src/rk_implicit.c
Examining data/r-cran-desolve-1.28/src/call_lsoda.c
Examining data/r-cran-desolve-1.28/src/call_rk4.c
Examining data/r-cran-desolve-1.28/src/rk_util.h
Examining data/r-cran-desolve-1.28/src/lags.c
Examining data/r-cran-desolve-1.28/src/rk_auto.c
Examining data/r-cran-desolve-1.28/src/rk_fixed.c
Examining data/r-cran-desolve-1.28/src/ex_ChemicalDAE.c
Examining data/r-cran-desolve-1.28/src/deSolve.h
Examining data/r-cran-desolve-1.28/src/rk_util.c
Examining data/r-cran-desolve-1.28/src/ex_CCL4model.c
Examining data/r-cran-desolve-1.28/src/forcings.c
Examining data/r-cran-desolve-1.28/src/call_zvode.c
Examining data/r-cran-desolve-1.28/src/call_radau.c
Examining data/r-cran-desolve-1.28/src/rprintf.c
Examining data/r-cran-desolve-1.28/src/twoDmap.c
Examining data/r-cran-desolve-1.28/src/ex_Aquaphy.c
Examining data/r-cran-desolve-1.28/src/brent.c
Examining data/r-cran-desolve-1.28/src/call_euler.c
Examining data/r-cran-desolve-1.28/src/call_rkFixed.c
Examining data/r-cran-desolve-1.28/src/DLLutil.c
Examining data/r-cran-desolve-1.28/src/externalptr.h
Examining data/r-cran-desolve-1.28/src/zvode.h
Examining data/r-cran-desolve-1.28/src/deSolve_utils.c
Examining data/r-cran-desolve-1.28/src/call_rkAuto.c
Examining data/r-cran-desolve-1.28/src/call_iteration.c
Examining data/r-cran-desolve-1.28/src/call_rkImplicit.c
Examining data/r-cran-desolve-1.28/vignettes/mymod.c
Examining data/r-cran-desolve-1.28/inst/doc/mymod.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload-dede/dedeUtils.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload-dede/dede_lv2.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload-dede/dede_lv.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload-dede/dedesimple.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload/ex_SCOC.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload/Forcing_lv.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload/odec.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload/satresC.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload/ex_CCL4model.c
Examining data/r-cran-desolve-1.28/inst/doc/dynload/ex_Aquaphy.c
FINAL RESULTS:
data/r-cran-desolve-1.28/src/call_daspk.c:183:33: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SEXP rtol, SEXP atol, SEXP rho, SEXP tcrit, SEXP jacfunc, SEXP initfunc,
data/r-cran-desolve-1.28/src/call_daspk.c:245:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
latol = LENGTH(atol);
data/r-cran-desolve-1.28/src/call_daspk.c:247:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (j = 0; j < latol; j++) Atol[j] = REAL(atol)[j];
data/r-cran-desolve-1.28/src/call_lsoda.c:224:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SEXP atol, SEXP rho, SEXP tcrit, SEXP jacfunc, SEXP initfunc,
data/r-cran-desolve-1.28/src/call_lsoda.c:292:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
latol = LENGTH(atol);
data/r-cran-desolve-1.28/src/call_lsoda.c:419:48: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (j = 0; j < latol; j++) Atol[j] = REAL(atol)[j];
data/r-cran-desolve-1.28/src/call_radau.c:324:33: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SEXP parms, SEXP rtol, SEXP atol,
data/r-cran-desolve-1.28/src/call_radau.c:385:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
latol = LENGTH(atol);
data/r-cran-desolve-1.28/src/call_radau.c:387:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (j = 0; j < latol; j++) Atol[j] = REAL(atol)[j];
data/r-cran-desolve-1.28/src/call_rkAuto.c:47:31: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (j = 0; j < lAtol; j++) atol[j] = REAL(Atol)[j];
data/r-cran-desolve-1.28/src/call_rkAuto.c:255:30: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out, bb1, bb2, cc, dd, atol, rtol, yknots, yout,
data/r-cran-desolve-1.28/src/call_rkAuto.c:276:34: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out, bb1, bb2, cc, dd, atol, rtol, yknots, yout,
data/r-cran-desolve-1.28/src/call_zvode.c:100:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SEXP atol, SEXP rho, SEXP tcrit, SEXP jacfunc, SEXP initfunc,
data/r-cran-desolve-1.28/src/call_zvode.c:157:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
latol = LENGTH(atol);
data/r-cran-desolve-1.28/src/call_zvode.c:159:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (j = 0; j < latol; j++) Atol[j] = REAL(atol)[j];
data/r-cran-desolve-1.28/src/rk_auto.c:29:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
double* atol, double* rtol, double* yknots, double* yout,
data/r-cran-desolve-1.28/src/rk_auto.c:95:30: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
err = maxerr(y0, y1, y2, atol, rtol, neq);
data/r-cran-desolve-1.28/src/rk_util.h:87:11: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
double* atol, double* rtol, double* yknots, double* yout,
ANALYSIS SUMMARY:
Hits = 18
Lines analyzed = 7786 in approximately 0.27 seconds (29365 lines/second)
Physical Source Lines of Code (SLOC) = 5072
Hits@level = [0] 0 [1] 0 [2] 18 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 18 [1+] 18 [2+] 18 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.5489 [1+] 3.5489 [2+] 3.5489 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.