Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-locfit-1.5-9.4/src/math.c
Examining data/r-cran-locfit-1.5-9.4/src/lf_vari.c
Examining data/r-cran-locfit-1.5-9.4/src/fitted.c
Examining data/r-cran-locfit-1.5-9.4/src/m_eigen.c
Examining data/r-cran-locfit-1.5-9.4/src/dens_odi.c
Examining data/r-cran-locfit-1.5-9.4/src/scb_cons.c
Examining data/r-cran-locfit-1.5-9.4/src/S_enter.c
Examining data/r-cran-locfit-1.5-9.4/src/density.c
Examining data/r-cran-locfit-1.5-9.4/src/cversion.h
Examining data/r-cran-locfit-1.5-9.4/src/band.c
Examining data/r-cran-locfit-1.5-9.4/src/scb.c
Examining data/r-cran-locfit-1.5-9.4/src/m_solve.c
Examining data/r-cran-locfit-1.5-9.4/src/lf_dercor.c
Examining data/r-cran-locfit-1.5-9.4/src/family.c
Examining data/r-cran-locfit-1.5-9.4/src/mutil.h
Examining data/r-cran-locfit-1.5-9.4/src/ev_atree.c
Examining data/r-cran-locfit-1.5-9.4/src/dens_haz.c
Examining data/r-cran-locfit-1.5-9.4/src/lf_wdiag.c
Examining data/r-cran-locfit-1.5-9.4/src/m_svd.c
Examining data/r-cran-locfit-1.5-9.4/src/local.h
Examining data/r-cran-locfit-1.5-9.4/src/scb_iface.c
Examining data/r-cran-locfit-1.5-9.4/src/preplot.c
Examining data/r-cran-locfit-1.5-9.4/src/lfstr.c
Examining data/r-cran-locfit-1.5-9.4/src/m_imont.c
Examining data/r-cran-locfit-1.5-9.4/src/dens_int.c
Examining data/r-cran-locfit-1.5-9.4/src/startlf.c
Examining data/r-cran-locfit-1.5-9.4/src/imatlb.h
Examining data/r-cran-locfit-1.5-9.4/src/lf_adap.c
Examining data/r-cran-locfit-1.5-9.4/src/tube.h
Examining data/r-cran-locfit-1.5-9.4/src/m_qr.c
Examining data/r-cran-locfit-1.5-9.4/src/ev_trian.c
Examining data/r-cran-locfit-1.5-9.4/src/ev_sphere.c
Examining data/r-cran-locfit-1.5-9.4/src/m_jacob.c
Examining data/r-cran-locfit-1.5-9.4/src/design.h
Examining data/r-cran-locfit-1.5-9.4/src/ev_interp.c
Examining data/r-cran-locfit-1.5-9.4/src/frend.c
Examining data/r-cran-locfit-1.5-9.4/src/locfit.c
Examining data/r-cran-locfit-1.5-9.4/src/pcomp.c
Examining data/r-cran-locfit-1.5-9.4/src/lfwin.h
Examining data/r-cran-locfit-1.5-9.4/src/lf_robust.c
Examining data/r-cran-locfit-1.5-9.4/src/smisc.c
Examining data/r-cran-locfit-1.5-9.4/src/m_isimp.c
Examining data/r-cran-locfit-1.5-9.4/src/ev_kdtre.c
Examining data/r-cran-locfit-1.5-9.4/src/ev_main.c
Examining data/r-cran-locfit-1.5-9.4/src/minmax.c
Examining data/r-cran-locfit-1.5-9.4/src/lffuns.h
Examining data/r-cran-locfit-1.5-9.4/src/lfcons.h
Examining data/r-cran-locfit-1.5-9.4/src/m_isphr.c
Examining data/r-cran-locfit-1.5-9.4/src/m_vector.c
Examining data/r-cran-locfit-1.5-9.4/src/dbinom.c
Examining data/r-cran-locfit-1.5-9.4/src/simul.c
Examining data/r-cran-locfit-1.5-9.4/src/lfstruc.h
Examining data/r-cran-locfit-1.5-9.4/src/m_max.c
Examining data/r-cran-locfit-1.5-9.4/src/m_icirc.c
Examining data/r-cran-locfit-1.5-9.4/src/procv.c
Examining data/r-cran-locfit-1.5-9.4/src/lf_fitfun.c
Examining data/r-cran-locfit-1.5-9.4/src/m_chol.c
Examining data/r-cran-locfit-1.5-9.4/src/prob.c
Examining data/r-cran-locfit-1.5-9.4/src/scb_crit.c
Examining data/r-cran-locfit-1.5-9.4/src/lf_nbhd.c
Examining data/r-cran-locfit-1.5-9.4/src/weight.c

FINAL RESULTS:

data/r-cran-locfit-1.5-9.4/src/local.h:67:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf Rprintf

data/r-cran-locfit-1.5-9.4/src/local.h:109:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf

data/r-cran-locfit-1.5-9.4/src/local.h:110:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf lfprintf

data/r-cran-locfit-1.5-9.4/src/cversion.h:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char main[50], xlab[50], ylab[50], zlab[50];

data/r-cran-locfit-1.5-9.4/src/cversion.h:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[10];

data/r-cran-locfit-1.5-9.4/src/lfstr.c:52:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *famil[17] =

data/r-cran-locfit-1.5-9.4/src/lfstr.c:80:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *wfuns[13] = {

data/r-cran-locfit-1.5-9.4/src/lfstr.c:90:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *ktype[5] = { "spherical", "product", "center", "lm", "zeon" };

data/r-cran-locfit-1.5-9.4/src/lfstr.c:96:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *ltype[8] = { "default", "canonical", "identity", "log",

data/r-cran-locfit-1.5-9.4/src/lfstr.c:104:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *etype[11]= { "tree", "phull", "data", "grid", "kdtree",

data/r-cran-locfit-1.5-9.4/src/lfstr.c:113:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *itype[7] = { "default", "multi", "product", "mlinear",

data/r-cran-locfit-1.5-9.4/src/lfstr.c:120:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *atype[5] = { "none", "cp", "ici", "mindex", "ok" };

data/r-cran-locfit-1.5-9.4/src/lfstr.c:126:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *rtype[8] = { "deviance", "d2", "pearson", "raw",

data/r-cran-locfit-1.5-9.4/src/lfstr.c:130:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *whtyp[8] = { "coef", "nlx", "infl", "band",

data/r-cran-locfit-1.5-9.4/src/local.h:98:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char varname[15];

data/r-cran-locfit-1.5-9.4/src/lfstr.c:45:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (ct==strlen(z)+1) return(vals[i]);

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 13045 in approximately 0.39 seconds (33213 lines/second)
Physical Source Lines of Code (SLOC) = 10367
Hits@level = [0]  71 [1]   1 [2]  12 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  87 [1+]  16 [2+]  15 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 8.39201 [1+] 1.54336 [2+] 1.4469 [3+] 0.28938 [4+] 0.28938 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.