Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sleef-3.5.1/doc/html/hellox86.c
Examining data/sleef-3.5.1/doc/html/ph.c
Examining data/sleef-3.5.1/doc/html/tutorial.c
Examining data/sleef-3.5.1/doc/html/vectest.c
Examining data/sleef-3.5.1/include/sleefdft.h
Examining data/sleef-3.5.1/src/arch/helperadvsimd.h
Examining data/sleef-3.5.1/src/arch/helperavx.h
Examining data/sleef-3.5.1/src/arch/helperavx2.h
Examining data/sleef-3.5.1/src/arch/helperavx2_128.h
Examining data/sleef-3.5.1/src/arch/helperavx512f.h
Examining data/sleef-3.5.1/src/arch/helperneon32.h
Examining data/sleef-3.5.1/src/arch/helperpower_128.h
Examining data/sleef-3.5.1/src/arch/helperpurec.h
Examining data/sleef-3.5.1/src/arch/helperpurec_scalar.h
Examining data/sleef-3.5.1/src/arch/helpers390x_128.h
Examining data/sleef-3.5.1/src/arch/helpersse2.h
Examining data/sleef-3.5.1/src/arch/helpersve.h
Examining data/sleef-3.5.1/src/arch/helpervecext.h
Examining data/sleef-3.5.1/src/common/arraymap.c
Examining data/sleef-3.5.1/src/common/arraymap.h
Examining data/sleef-3.5.1/src/common/common.c
Examining data/sleef-3.5.1/src/common/common.h
Examining data/sleef-3.5.1/src/common/f128util.h
Examining data/sleef-3.5.1/src/common/misc.h
Examining data/sleef-3.5.1/src/dft-tester/bench1d.c
Examining data/sleef-3.5.1/src/dft-tester/fftwtest1d.c
Examining data/sleef-3.5.1/src/dft-tester/fftwtest2d.c
Examining data/sleef-3.5.1/src/dft-tester/measuredft.c
Examining data/sleef-3.5.1/src/dft-tester/naivetest.c
Examining data/sleef-3.5.1/src/dft-tester/roundtriptest1d.c
Examining data/sleef-3.5.1/src/dft-tester/roundtriptest2d.c
Examining data/sleef-3.5.1/src/dft-tester/tutorial.c
Examining data/sleef-3.5.1/src/dft/dft.c
Examining data/sleef-3.5.1/src/dft/dftcommon.c
Examining data/sleef-3.5.1/src/dft/dftcommon.h
Examining data/sleef-3.5.1/src/dft/mkdispatch.c
Examining data/sleef-3.5.1/src/dft/mkunroll.c
Examining data/sleef-3.5.1/src/dft/vectortype.h
Examining data/sleef-3.5.1/src/gencoef/dp.h
Examining data/sleef-3.5.1/src/gencoef/gencoef.c
Examining data/sleef-3.5.1/src/gencoef/ld.h
Examining data/sleef-3.5.1/src/gencoef/mkrempitab.c
Examining data/sleef-3.5.1/src/gencoef/mkrempitabqp.c
Examining data/sleef-3.5.1/src/gencoef/qp.h
Examining data/sleef-3.5.1/src/gencoef/simplexfr.c
Examining data/sleef-3.5.1/src/gencoef/sp.h
Examining data/sleef-3.5.1/src/libm-benchmarks/bench.h
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsleef128.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsleef256.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsleef512.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsvml128.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsvml256.c
Examining data/sleef-3.5.1/src/libm-benchmarks/benchsvml512.c
Examining data/sleef-3.5.1/src/libm-tester/gnuabi_compatibility.c
Examining data/sleef-3.5.1/src/libm-tester/iut.c
Examining data/sleef-3.5.1/src/libm-tester/iutsimd.c
Examining data/sleef-3.5.1/src/libm-tester/iutsimdmain.c
Examining data/sleef-3.5.1/src/libm-tester/tester2dp.c
Examining data/sleef-3.5.1/src/libm-tester/tester2ld.c
Examining data/sleef-3.5.1/src/libm-tester/tester2qp.c
Examining data/sleef-3.5.1/src/libm-tester/tester2simddp.c
Examining data/sleef-3.5.1/src/libm-tester/tester2simdsp.c
Examining data/sleef-3.5.1/src/libm-tester/tester2sp.c
Examining data/sleef-3.5.1/src/libm-tester/tester3.c
Examining data/sleef-3.5.1/src/libm-tester/tester3main.c
Examining data/sleef-3.5.1/src/libm-tester/testerutil.c
Examining data/sleef-3.5.1/src/libm-tester/testerutil.h
Examining data/sleef-3.5.1/src/libm-tester/tester.c
Examining data/sleef-3.5.1/src/libm/addSuffix.c
Examining data/sleef-3.5.1/src/libm/dd.h
Examining data/sleef-3.5.1/src/libm/df.h
Examining data/sleef-3.5.1/src/libm/estrin.h
Examining data/sleef-3.5.1/src/libm/funcproto.h
Examining data/sleef-3.5.1/src/libm/mkalias.c
Examining data/sleef-3.5.1/src/libm/mkdisp.c
Examining data/sleef-3.5.1/src/libm/mkmasked_gnuabi.c
Examining data/sleef-3.5.1/src/libm/mkrename.c
Examining data/sleef-3.5.1/src/libm/mkrename_gnuabi.c
Examining data/sleef-3.5.1/src/libm/norename.h
Examining data/sleef-3.5.1/src/libm/rempitab.c
Examining data/sleef-3.5.1/src/libm/rename.h
Examining data/sleef-3.5.1/src/libm/sleefdp.c
Examining data/sleef-3.5.1/src/libm/sleefld.c
Examining data/sleef-3.5.1/src/libm/sleefqp.c
Examining data/sleef-3.5.1/src/libm/sleefsimddp.c
Examining data/sleef-3.5.1/src/libm/sleefsimdsp.c
Examining data/sleef-3.5.1/src/libm/sleefsp.c
Examining data/sleef-3.5.1/src/quad-tester/qiutsimd.c
Examining data/sleef-3.5.1/src/quad-tester/qiutsimdmain.c
Examining data/sleef-3.5.1/src/quad-tester/qtester.c
Examining data/sleef-3.5.1/src/quad-tester/qtesterutil.c
Examining data/sleef-3.5.1/src/quad-tester/qtesterutil.h
Examining data/sleef-3.5.1/src/quad-tester/tester2simdqp.c
Examining data/sleef-3.5.1/src/quad/qfuncproto.h
Examining data/sleef-3.5.1/src/quad/qmkrename.c
Examining data/sleef-3.5.1/src/quad/rempitabqp.c
Examining data/sleef-3.5.1/src/quad/sleefsimdqp.c

FINAL RESULTS:

data/sleef-3.5.1/src/common/arraymap.c:222:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prefix2, prefix);
data/sleef-3.5.1/src/common/arraymap.c:253:9: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(line + prefixLen, "%" SCNx64 " : %s\n", &key, value) == 2) {
data/sleef-3.5.1/src/common/arraymap.c:281:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prefix2, prefix);
data/sleef-3.5.1/src/common/f128util.h:63:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ptr, "%s%lld*2^%d", s != 0 ? "-" : "", (long long int)l, (e-0x3ff-52));
data/sleef-3.5.1/src/common/f128util.h:85:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ptr, "%s%" PRIu64 "%019" PRIu64 "*2^%d", s != 0 ? "-" : "", h, l, (e-0x3fff-112));
data/sleef-3.5.1/src/dft/dftcommon.c:210:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dftPlanFilePath, path);
data/sleef-3.5.1/src/dft/dftcommon.c:218:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(archID, arch);
data/sleef-3.5.1/src/dft/dftcommon.c:313:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(s, "%" SCNx64, &ret) != 1) return 0;
data/sleef-3.5.1/src/dft/dftcommon.c:319:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(s, "%" PRIx64, value);
data/sleef-3.5.1/src/dft/mkunroll.c:18:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, in);
data/sleef-3.5.1/src/dft/mkunroll.c:65:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "unroll_%d_%s.c", config, isaString);
data/sleef-3.5.1/src/gencoef/gencoef.c:54:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&ret[3], s);
data/sleef-3.5.1/src/gencoef/gencoef.c:59:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ret, estr);
data/sleef-3.5.1/src/libm-benchmarks/bench.h:12:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, name ", %.3g, %.3g, %gulps, %g\n", \
data/sleef-3.5.1/src/libm-benchmarks/bench.h:23:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, name ", %.3g, %.3g, %.3g, %.3g, %gulps, %g\n", \
data/sleef-3.5.1/src/libm-benchmarks/bench.h:34:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, name ", %.3g, %.3g, %gulps, %g\n", \
data/sleef-3.5.1/src/libm-benchmarks/bench.h:45:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, name ", %.3g, %.3g, %gulps, %g\n", \
data/sleef-3.5.1/src/libm-benchmarks/bench.h:56:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, name ", %.3g, %.3g, %.3g, %.3g, %gulps, %g\n", \
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:95:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sdptrig.out", fnBase);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:107:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sdpnontrig.out", fnBase);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:119:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%ssptrig.out", fnBase);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:131:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sspnontrig.out", fnBase);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:108:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sdptrig%gulp.out", fnBase, (double)SVMLULP);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:119:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sdpnontrig%gulp.out", fnBase, (double)SVMLULP);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:130:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%ssptrig%gulp.out", fnBase, (double)SVMLULP);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:141:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sspnontrig%gulp.out", fnBase, (double)SVMLULP);
data/sleef-3.5.1/src/libm-tester/iut.c:42:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sin %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:47:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sin_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:52:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cos %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:57:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cos_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:62:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sincos %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:67:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sincos_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:72:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sincospi_u05 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:77:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sincospi_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:82:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sinpi_u05 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:87:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cospi_u05 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:92:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "tan %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:97:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "tan_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:102:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "asin %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:107:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "acos %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:112:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "atan %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:117:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "log %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:122:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "exp %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:127:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "atan2 %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:132:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "asin_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:137:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "acos_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:142:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "atan_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:147:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "atan2_u1 %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:152:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "log_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:157:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "pow %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:162:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sinh %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:167:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cosh %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:172:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "tanh %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:177:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sinh_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:182:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cosh_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:187:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "tanh_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:192:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "asinh %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:197:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "acosh %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:202:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "atanh %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:207:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "fma %" PRIx64 " %" PRIx64 " %" PRIx64, &u, &v, &w);
data/sleef-3.5.1/src/libm-tester/iut.c:212:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sqrt %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:217:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sqrt_u05 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:222:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "sqrt_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:227:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cbrt %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:232:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "cbrt_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:237:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "exp2 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:242:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "exp2_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:247:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "exp10 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:252:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "exp10_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:257:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "expm1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:262:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "log10 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:267:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "log2 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:272:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "log2_u35 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:277:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "log1p %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:282:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "ldexp %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:289:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "hypot_u05 %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:294:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "hypot_u35 %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:299:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "copysign %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:304:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "fmax %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:309:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "fmin %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:314:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "fdim %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:319:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "nextafter %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:324:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "fmod %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:329:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "remainder %" PRIx64 " %" PRIx64, &u, &v);
data/sleef-3.5.1/src/libm-tester/iut.c:334:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "fabs %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:339:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "trunc %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:344:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "floor %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:349:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "ceil %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:354:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "round %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:359:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "rint %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:364:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "frfrexp %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:369:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "modf %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:374:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "tgamma_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:379:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "lgamma_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:384:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "erf_u1 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:389:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "erfc_u15 %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iut.c:652:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, "ilogb %" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/iutsimd.c:380:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64, &u); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:398:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64, &u); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:421:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 " %" PRIx64, &u, &v); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:443:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 " %" PRIx64, &u, &v); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:463:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64, &u); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:485:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %x", &u); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:503:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %x", &u); \
data/sleef-3.5.1/src/libm-tester/iutsimd.c:526:7: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %x %x", &u, &v); \
data/sleef-3.5.1/src/libm-tester/tester.c:81:5: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(path, argv);
data/sleef-3.5.1/src/libm-tester/tester.c:100:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 "\n", d2u(arg)); \
data/sleef-3.5.1/src/libm-tester/tester.c:103:5: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64, &u); \
data/sleef-3.5.1/src/libm-tester/tester.c:110:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 "\n", d2u(arg)); \
data/sleef-3.5.1/src/libm-tester/tester.c:113:5: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64 " %" PRIx64, &u, &v); \
data/sleef-3.5.1/src/libm-tester/tester.c:123:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 " %" PRIx64 "\n", d2u(arg1), d2u(arg2)); \
data/sleef-3.5.1/src/libm-tester/tester.c:126:5: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64, &u); \
data/sleef-3.5.1/src/libm-tester/tester.c:215:3: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64, &u);
data/sleef-3.5.1/src/libm-tester/tester.c:235:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %x\n", f2u(arg)); \
data/sleef-3.5.1/src/libm-tester/tester.c:245:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %x\n", f2u(arg)); \
data/sleef-3.5.1/src/libm-tester/tester.c:258:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %x %x\n", f2u(arg1), f2u(arg2)); \
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:366:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospi_u05 sin arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:373:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospi_u35 sin arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:380:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinpi_u05 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:393:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospi_u05 cos arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:400:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospi_u35 cos arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:407:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cospi_u05 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:422:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sin arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:429:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincos sin arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:436:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sin_u1 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:443:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincos_u1 sin arg=%.20g ulp=%.20g\n", d, u3);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:455:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cos arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:462:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincos cos arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:469:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cos_u1 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:476:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincos_u1 cos arg=%.20g ulp=%.20g\n", d, u3);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:488:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tan arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:495:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tan_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:507:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:514:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:526:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log10 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:538:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log2 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:545:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log2_u35 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:559:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log1p arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:571:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:583:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp2 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:590:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp2_u35 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:602:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp10 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:609:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp10_u35 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:621:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " expm1 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:634:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " pow arg=%.20g, %.20g ulp=%.20g\n", d2, d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:646:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cbrt arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:653:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cbrt_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:665:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asin arg=%.20g ulp=%.20g\n", zo, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:672:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asin_u1 arg=%.20g ulp=%.20g\n", zo, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:684:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acos arg=%.20g ulp=%.20g\n", zo, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:691:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acos_u1 arg=%.20g ulp=%.20g\n", zo, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:703:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:710:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:723:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan2 arg=%.20g, %.20g ulp=%.20g\n", d2, d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:730:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan2_u1 arg=%.20g, %.20g ulp=%.20g\n", d2, d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:744:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinh arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:756:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cosh arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:768:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tanh arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:782:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinh_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:795:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cosh_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:808:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tanh_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:823:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asinh arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:837:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acosh arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:849:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atanh arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:863:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fabs arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:877:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " copysign arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:891:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fmax arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:905:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fmin arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:919:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fdim arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:932:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " trunc arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:945:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " floor arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:958:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " ceil arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:971:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " round arg=%.24g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:984:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " rint arg=%.24g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1001:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fma arg=%.20g, %.20g, %.20g ulp=%.20g\n", d, d2, d3, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1015:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrt arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1028:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrt_u05 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1041:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrt_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1057:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " hypot_u05 arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1074:4: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " hypot_u35 arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1086:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " nextafter arg=%.20g, %.20g\n", d, d2);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1099:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " frfrexp arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1113:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fmod arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1128:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " remainder arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:1171:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " modf arg=%.20g ulp=%.20g %.20g\n", d, u0, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:337:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospif_u05 sin arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:344:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospif_u35 sin arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:351:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinpif_u05 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:365:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospif_u05 cos arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:372:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincospif_u35 cos arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:379:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cospif_u05 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:394:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:401:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincosf sin arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:408:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinf_u1 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:415:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincosf_u1 sin arg=%.20g ulp=%.20g\n", d, u3);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:423:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fastsinf_u3500 arg=%.20g ulp=%.20g\n", d, u4);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:435:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cosf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:442:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincosf cos arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:449:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cosf_u1 arg=%.20g ulp=%.20g\n", d, u2);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:456:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sincosf_u1 cos arg=%.20g ulp=%.20g\n", d, u3);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:464:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fastcosf_u3500 arg=%.20g ulp=%.20g\n", d, u4);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:476:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tanf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:483:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tanf_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:495:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " logf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:502:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " logf_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:514:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log10f arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:526:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log2f arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:533:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log2f_u35 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:547:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log1pf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:559:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " expf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:571:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp2f arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:578:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp2f_u35 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:590:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp10f arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:597:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp10f_u35 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:609:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " expm1f arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:622:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " powf arg=%.20g, %.20g ulp=%.20g\n", d2, d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:631:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fastpowf_u3500 arg=%.20g, %.20g ulp=%.20g\n", d2, d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:645:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cbrtf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:652:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cbrtf_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:664:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asinf arg=%.20g ulp=%.20g\n", zo, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:671:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asinf_u1 arg=%.20g ulp=%.20g\n", zo, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:683:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acosf arg=%.20g ulp=%.20g\n", zo, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:690:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acosf_u1 arg=%.20g ulp=%.20g\n", zo, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:702:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atanf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:709:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atanf_u1 arg=%.20g ulp=%.20g\n", d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:722:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan2f arg=%.20g, %.20g ulp=%.20g\n", d2, d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:729:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan2f_u1 arg=%.20g, %.20g ulp=%.20g\n", d2, d, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:743:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinhf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:755:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " coshf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:767:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tanhf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:781:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sinhf_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:793:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " coshf_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:805:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tanhf_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:819:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asinhf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:833:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acoshf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:845:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atanhf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:875:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fabsf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:889:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " copysignf arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:903:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fmaxf arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:917:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fminf arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:931:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fdimf arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:944:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " truncf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:957:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " floorf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:970:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " ceilf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:983:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " roundf arg=%.24g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:996:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " rintf arg=%.24g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1011:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " modff arg=%.20g ulp=%.20g %.20g\n", d, u0, u1);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1023:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " nextafterf arg=%.20g, %.20g\n", d, d2);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1035:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " frfrexpf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1063:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " hypotf_u05 arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1078:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " hypotf_u35 arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1093:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fmodf arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1108:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " remainderf arg=%.20g, %.20g ulp=%.20g\n", d, d2, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1125:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " fmaf arg=%.20g, %.20g, %.20g ulp=%.20g\n", d, d2, d3, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1139:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrtf arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1152:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrtf_u05 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1165:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrtf_u35 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1179:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " erfcf_u15 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1192:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " erff_u1 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1207:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " xlgammaf_u1 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:1223:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " xtgammaf_u1 arg=%.20g ulp=%.20g\n", d, u0);
data/sleef-3.5.1/src/libm/addSuffix.c:153:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(keywords[nkeywords], buf);
data/sleef-3.5.1/src/libm/mkalias.c:46:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[0], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:47:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[1], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:48:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[2], "%s", fptype ? "vfloat2" : "vdouble2");
data/sleef-3.5.1/src/libm/mkalias.c:49:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[3], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:50:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[4], "%s", argv[3]);
data/sleef-3.5.1/src/libm/mkalias.c:51:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[5], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:52:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(returnType[6], "%s", fptype ? "vfloat2" : "vdouble2");
data/sleef-3.5.1/src/libm/mkalias.c:56:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[0], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:57:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[1], "%s, %s", argv[2], argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:58:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[2], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:59:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[3], "%s, %s", argv[2], argv[3]);
data/sleef-3.5.1/src/libm/mkalias.c:60:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[4], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:61:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[5], "%s, %s, %s", argv[2], argv[2], argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:62:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType0[6], "%s", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:66:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[0], "%s a0", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:67:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[1], "%s a0, %s a1", argv[2], argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:68:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[2], "%s a0", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:69:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[3], "%s a0, %s a1", argv[2], argv[3]);
data/sleef-3.5.1/src/libm/mkalias.c:70:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[4], "%s a0", argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:71:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[5], "%s a0, %s a1, %s a2", argv[2], argv[2], argv[2]);
data/sleef-3.5.1/src/libm/mkalias.c:72:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argType1[6], "%s a0", argv[2]);
data/sleef-3.5.1/src/libm/mkmasked_gnuabi.c:118:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(function, funcname[1], funcname[0]);
data/sleef-3.5.1/src/libm/mkmasked_gnuabi.c:135:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(function, funcname[1], funcname[0]);
data/sleef-3.5.1/src/libm/mkrename.c:17:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ret, str);
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:135:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 ":%" PRIx64, &c0.h, &c0.l); \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:152:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 ":%" PRIx64 " %" PRIx64 ":%" PRIx64, &c0.h, &c0.l, &c1.h, &c1.l); \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:171:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 ":%" PRIx64 " %" PRIx64 ":%" PRIx64, &c0.h, &c0.l, &c1.h, &c1.l); \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:191:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 ":%" PRIx64, &c0.h, &c0.l); \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:208:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64, &u); \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:225:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %63s", s); \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:240:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(buf, funcStr " %" PRIx64 ":%" PRIx64, &c0.h, &c0.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:77:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(path, argv);
data/sleef-3.5.1/src/quad-tester/qtester.c:104:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 ":%" PRIx64 "\n", c.h, c.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:107:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64 ":%" PRIx64, &c.h, &c.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:115:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 ":%" PRIx64 "\n", c0.h, c0.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:118:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64 ":%" PRIx64 " %" PRIx64 ":%" PRIx64 , &c0.h, &c0.l, &c1.h, &c1.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:128:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 ":%" PRIx64 " %" PRIx64 ":%" PRIx64 "\n", c0.h, c0.l, c1.h, c1.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:131:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64 ":%" PRIx64, &c0.h, &c0.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:140:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 ":%" PRIx64 " %" PRIx64 ":%" PRIx64 "\n", c0.h, c0.l, c1.h, c1.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:152:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 ":%" PRIx64 "\n", c.h, c.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:156:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64, &u); \
data/sleef-3.5.1/src/quad-tester/qtester.c:163:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 "\n", d2u(arg)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:167:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64 ":%" PRIx64, &c.h, &c.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:173:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %s\n", arg); \
data/sleef-3.5.1/src/quad-tester/qtester.c:177:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(str, "%" PRIx64 ":%" PRIx64, &c.h, &c.l); \
data/sleef-3.5.1/src/quad-tester/qtester.c:185:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(str, funcStr " %" PRIx64 ":%" PRIx64 "\n", c.h, c.l); \
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:539:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ret, "%016llx%016llx (%s)", (unsigned long long)c128.h, (unsigned long long)c128.l, f);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:290:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " add arg=%s %s ulp=%.20g\n", sprintf128(q0), sprintf128(q1), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:303:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sub arg=%s %s ulp=%.20g\n", sprintf128(q0), sprintf128(q1), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:316:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " mul arg=%s %s ulp=%.20g\n", sprintf128(q0), sprintf128(q1), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:329:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " div arg=%s %s ulp=%.20g\n", sprintf128(q0), sprintf128(q1), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:342:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sqrt arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:357:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cast_from_double arg=%.20g\n", d);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:369:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cast_to_double arg=%s\n", sprintf128(q0));
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:381:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cmpltq arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:391:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cmpgtq arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:401:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cmpleq arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:411:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cmpgeq arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:421:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cmpeq arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:431:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cmpneq arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:441:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " unord arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:451:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " unord arg=%s, %s, test = %d, corr = %d \n", sprintf128(q0), sprintf128(q1), ti, ci);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:473:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:485:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp2 arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:497:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " exp10 arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:509:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " expm1 arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:521:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:533:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log2 arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:545:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log10 arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:557:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " log1p arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:569:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " atan arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:585:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " asin arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:597:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " acos arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:638:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " sin arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:650:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " cos arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:662:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ISANAME " tan arg=%s ulp=%.20g\n", sprintf128(q0), u0);
data/sleef-3.5.1/doc/html/vectest.c:10:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:50:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  real re = (2.0 * random() - 1) / (real)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:51:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  real im = (2.0 * random() - 1) / (real)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:89:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  real re = (2.0 * random() - 1) / (real)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:90:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  real im = (2.0 * random() - 1) / (real)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:128:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  real re = (2.0 * random() - 1) / (real)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:207:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:50:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double re = (2.0 * random() - 1) / (double)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:51:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double im = (2.0 * random() - 1) / (double)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:89:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double re = (2.0 * random() - 1) / (double)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:90:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double im = (2.0 * random() - 1) / (double)RAND_MAX;
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:126:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/sleef-3.5.1/src/dft-tester/naivetest.c:468:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/sleef-3.5.1/src/dft-tester/roundtriptest1d.c:155:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/sleef-3.5.1/src/dft-tester/roundtriptest2d.c:102:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/sleef-3.5.1/src/dft/dftcommon.c:226:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *s = getenv(ENVVAR);
data/sleef-3.5.1/src/gencoef/gencoef.c:271:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/gencoef/gencoef.c:348:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int r = tab[random() & 7];
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:43:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:43:55: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:50:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:50:55: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:77:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:51:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:51:55: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:58:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:58:55: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = ((double)random() + RAND_MAX * (double)random()) / (RAND_MAX * (double)RAND_MAX);
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:86:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:51:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch(random() & 63) {
data/sleef-3.5.1/src/libm-tester/tester2dp.c:52:38: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:52:57: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:53:38: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:53:57: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:54:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:54:61: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:55:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:55:61: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:60:11: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:60:33: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:60:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:71:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:71:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:71:64: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:83:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:83:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:83:64: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2dp.c:102:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2dp.c:114:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i64 += (random() & 0xff) - 0x7f;
data/sleef-3.5.1/src/libm-tester/tester2dp.c:122:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i64 += (random() & 0xf) - 0x7;
data/sleef-3.5.1/src/libm-tester/tester2dp.c:906:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int exp = (random() & 8191) - 4096;
data/sleef-3.5.1/src/libm-tester/tester2ld.c:103:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch(random() & 15) {
data/sleef-3.5.1/src/libm-tester/tester2ld.c:110:12: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:110:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:110:63: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:110:96: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:110:129: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:121:14: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:121:36: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:121:65: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:121:98: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:121:131: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:133:14: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:133:36: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:133:65: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:133:98: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:133:131: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u128 = random() | ((__int128)random() << 31) | ((__int128)random() << (31*2)) | ((__int128)random() << (31*3)) | ((__int128)random() << (31*4));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:179:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2ld.c:198:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.d = rint((2 * (double)random() / RAND_MAX - 1) * 1e+10) * M_PI_4;
data/sleef-3.5.1/src/libm-tester/tester2ld.c:199:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.u128 += (random() & 0xff) - 0x7f;
data/sleef-3.5.1/src/libm-tester/tester2qp.c:93:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch(random() & 15) {
data/sleef-3.5.1/src/libm-tester/tester2qp.c:157:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2qp.c:176:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.d = rint((2 * (double)random() / RAND_MAX - 1) * 1e+10) * M_PI_4;
data/sleef-3.5.1/src/libm-tester/tester2qp.c:177:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.u128 += (random() & 0xff) - 0x7f;
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:209:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch(random() & 63) {
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:210:38: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:210:57: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:211:38: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:211:57: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:212:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:212:61: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:213:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:213:61: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:218:11: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:218:33: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:218:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:229:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:229:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:229:64: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:241:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:241:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:241:64: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u64 = random() | ((uint64_t)random() << 31) | ((uint64_t)random() << 62);
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:312:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:325:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i64 += (random() & 0xff) - 0x7f;
data/sleef-3.5.1/src/libm-tester/tester2simddp.c:333:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i64 += (random() & 0xf) - 0x7;
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:215:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch(random() & 63) {
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:216:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0f( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:216:58: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0f( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:217:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0f(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:217:58: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0f(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:218:43: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0f( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:218:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0f( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:219:43: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0f(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:219:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0f(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:224:21: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:224:43: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:235:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:235:45: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:247:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:247:45: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:284:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:297:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i32 += (random() & 0xff) - 0x7f;
data/sleef-3.5.1/src/libm-tester/tester2simdsp.c:305:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i32 += (random() & 0xf) - 0x7;
data/sleef-3.5.1/src/libm-tester/tester2sp.c:65:10: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch(random() & 63) {
data/sleef-3.5.1/src/libm-tester/tester2sp.c:66:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0f( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:66:58: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 0: return nexttoward0f( 0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:67:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0f(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:67:58: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 1: return nexttoward0f(-0.0, -(random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:68:43: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0f( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:68:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 2: return nexttoward0f( INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:69:43: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0f(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:69:62: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case 3: return nexttoward0f(-INFINITY, (random() & ((1 << (random() & 31)) - 1)));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:74:21: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2sp.c:74:43: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2sp.c:85:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2sp.c:85:45: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2sp.c:97:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2sp.c:97:45: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c.u32 = (uint32_t)random() | ((uint32_t)random() << 31);
data/sleef-3.5.1/src/libm-tester/tester2sp.c:116:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/sleef-3.5.1/src/libm-tester/tester2sp.c:128:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i32 += (random() & 0xff) - 0x7f;
data/sleef-3.5.1/src/libm-tester/tester2sp.c:136:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  cd.i32 += (random() & 0xf) - 0x7;
data/sleef-3.5.1/src/libm-tester/tester2sp.c:679:18: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int exp = (random() & 8191) - 4096;
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:153:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL) + (((int)getpid()) << 12));
data/sleef-3.5.1/doc/html/tutorial.c:28:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc == 2) n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/arch/helperadvsimd.h:797:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperadvsimd.h:811:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperavx.h:626:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperavx.h:640:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperavx2.h:466:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperavx2.h:480:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperavx512f.h:578:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperavx512f.h:592:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperpurec_scalar.h:416:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helperpurec_scalar.h:427:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helpersse2.h:478:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helpersse2.h:492:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helpersve.h:1103:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vm2, p, VECTLENDP * 16);
data/sleef-3.5.1/src/arch/helpersve.h:1117:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&aq, &vm2, VECTLENDP * 16);
data/sleef-3.5.1/src/common/arraymap.c:27:37: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  static FILE *OPENTMPFILE() { return tmpfile(); }
data/sleef-3.5.1/src/common/arraymap.c:39:37: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  static FILE *OPENTMPFILE() { return fopen("tmpfile.txt", "w+"); }
data/sleef-3.5.1/src/common/arraymap.c:214:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(fn, "r");
data/sleef-3.5.1/src/common/arraymap.c:228:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(prefix2, " : ");
data/sleef-3.5.1/src/common/arraymap.c:287:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(prefix2, " : ");
data/sleef-3.5.1/src/common/arraymap.c:292:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(fn, "a+");
data/sleef-3.5.1/src/common/common.c:70:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char x86BrandString[256];
data/sleef-3.5.1/src/common/f128util.h:33:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/sleef-3.5.1/src/common/f128util.h:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/sleef-3.5.1/src/common/f128util.h:44:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char frstr[16][1000];
data/sleef-3.5.1/src/dft-tester/bench1d.c:45:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int log2n = atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/fftwtest1d.c:205:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:123:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/fftwtest2d.c:124:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int m = 1 << atoi(argv[2]);
data/sleef-3.5.1/src/dft-tester/measuredft.c:39:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc > 1) start = atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/measuredft.c:40:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc > 2) end = atoi(argv[2]);
data/sleef-3.5.1/src/dft-tester/naivetest.c:466:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/roundtriptest1d.c:152:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/roundtriptest1d.c:153:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int nloop = argc >= 3 ? atoi(argv[2]) : 1;
data/sleef-3.5.1/src/dft-tester/roundtriptest2d.c:98:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/dft-tester/roundtriptest2d.c:99:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int m = 1 << atoi(argv[2]);
data/sleef-3.5.1/src/dft-tester/roundtriptest2d.c:100:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int nloop = argc >= 4 ? atoi(argv[3]) : 1;
data/sleef-3.5.1/src/dft-tester/tutorial.c:33:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc == 2) n = 1 << atoi(argv[1]);
data/sleef-3.5.1/src/dft/dft.c:1359:76: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ((p->mode & SLEEF_MODE_VERBOSE) != 0) printf("ISA : %s %d bit %s\n", (char *)(*GETPTR[p->isa])(0), (int)(GETINT[p->isa](GETINT_VECWIDTH) * sizeof(real) * 16), BASETYPESTRING);
data/sleef-3.5.1/src/dft/mkdispatch.c:22:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int maxbutwidth = atoi(argv[2]);
data/sleef-3.5.1/src/dft/mkunroll.c:29:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, str, replace_pos);
data/sleef-3.5.1/src/dft/mkunroll.c:30:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr + replace_pos, replace, replaceLen);
data/sleef-3.5.1/src/dft/mkunroll.c:31:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr + replace_pos + replaceLen, str + replace_pos + patLen, tail_len+1);
data/sleef-3.5.1/src/dft/mkunroll.c:41:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[LEN+10];
data/sleef-3.5.1/src/dft/mkunroll.c:60:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char configString[100];
data/sleef-3.5.1/src/dft/mkunroll.c:61:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(configString, "%d", config);
data/sleef-3.5.1/src/dft/mkunroll.c:63:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpin = fopen("unroll0.org", "r");
data/sleef-3.5.1/src/dft/mkunroll.c:66:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpout = fopen(line, "w");
data/sleef-3.5.1/src/gencoef/gencoef.c:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char estr[10];
data/sleef-3.5.1/src/gencoef/gencoef.c:58:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(estr, "e%+d", (int)e);
data/sleef-3.5.1/src/gencoef/gencoef.c:180:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = argc >= 2 ? atoi(argv[1]) : S;
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[1024];
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:96:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "w");
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:108:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "w");
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:120:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "w");
data/sleef-3.5.1/src/libm-benchmarks/benchsleef.c:132:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "w");
data/sleef-3.5.1/src/libm-benchmarks/benchsleef128.c:17:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char x86BrandString[256], versionString[1024];
data/sleef-3.5.1/src/libm-benchmarks/benchsleef256.c:17:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char x86BrandString[256], versionString[1024];
data/sleef-3.5.1/src/libm-benchmarks/benchsleef512.c:17:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char x86BrandString[256], versionString[1024];
data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:81:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fn[1024]; data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:109:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fn, "w"); data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:120:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fn, "w"); data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:131:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fn, "w"); data/sleef-3.5.1/src/libm-benchmarks/benchsvml.c:142:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fn, "w"); data/sleef-3.5.1/src/libm-benchmarks/benchsvml128.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char x86BrandString[256], versionString[1024]; data/sleef-3.5.1/src/libm-benchmarks/benchsvml256.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char x86BrandString[256], versionString[1024];
data/sleef-3.5.1/src/libm-benchmarks/benchsvml512.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char x86BrandString[256], versionString[1024];
data/sleef-3.5.1/src/libm-tester/iut.c:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/sleef-3.5.1/src/libm-tester/iutsimd.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/sleef-3.5.1/src/libm-tester/tester.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf0[1], buf1[1];
data/sleef-3.5.1/src/libm-tester/tester.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/libm-tester/tester.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/libm-tester/tester.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/libm-tester/tester.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/sleef-3.5.1/src/libm-tester/tester.c:212:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "ldexp %" PRIx64 " %" PRIx64 "\n", d2u(x), d2u(q));
data/sleef-3.5.1/src/libm-tester/tester.c:220:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/sleef-3.5.1/src/libm-tester/tester.c:223:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "ilogb %" PRIx64 "\n", d2u(x));
data/sleef-3.5.1/src/libm-tester/tester.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/libm-tester/tester.c:243:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/libm-tester/tester.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/libm-tester/tester.c:346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/sleef-3.5.1/src/libm-tester/tester.c:349:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "ldexpf %x %x\n", f2u(x), f2u(q));
data/sleef-3.5.1/src/libm-tester/tester.c:357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/sleef-3.5.1/src/libm-tester/tester.c:360:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "ilogbf %x\n", f2u(x));
data/sleef-3.5.1/src/libm-tester/tester.c:5016:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv2[argc+2], *commandSde = NULL;
data/sleef-3.5.1/src/libm-tester/tester.c:5050:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/sleef-3.5.1/src/libm-tester/tester3.c:123:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char d[16], mes[64], buf[64]; \
data/sleef-3.5.1/src/libm-tester/tester3.c:141:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char t = ((unsigned char *)ptr)[k]; \
data/sleef-3.5.1/src/libm-tester/tester3.c:142:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)ptr)[k] = ((unsigned char *)ptr)[len-1-k]; \
data/sleef-3.5.1/src/libm-tester/tester3.c:142:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)ptr)[k] = ((unsigned char *)ptr)[len-1-k]; \
data/sleef-3.5.1/src/libm-tester/tester3.c:143:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)ptr)[len-1-k] = t; \
data/sleef-3.5.1/src/libm-tester/tester3.c:300:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");
data/sleef-3.5.1/src/libm/addSuffix.c:26:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[N+10], *p = buf;
data/sleef-3.5.1/src/libm/addSuffix.c:142:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(argv[2], "r");
data/sleef-3.5.1/src/libm/addSuffix.c:148:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[N];
data/sleef-3.5.1/src/libm/addSuffix.c:165:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");
data/sleef-3.5.1/src/libm/mkalias.c:21:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vw = atoi(argv[1]);
data/sleef-3.5.1/src/libm/mkalias.c:40:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *vparameterStr[7] = { "v", "vv", "", "vv", "v", "vvv", "" };
data/sleef-3.5.1/src/libm/mkalias.c:42:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char returnType[9][1000];
data/sleef-3.5.1/src/libm/mkalias.c:43:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char argType0[9][1000];
data/sleef-3.5.1/src/libm/mkalias.c:44:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char argType1[9][1000];
data/sleef-3.5.1/src/libm/mkalias.c:53:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(returnType[7], "int");
data/sleef-3.5.1/src/libm/mkalias.c:54:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(returnType[8], "void *");
data/sleef-3.5.1/src/libm/mkalias.c:63:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argType0[7], "int");
data/sleef-3.5.1/src/libm/mkalias.c:64:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argType0[8], "int");
data/sleef-3.5.1/src/libm/mkalias.c:73:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argType1[7], "int a0");
data/sleef-3.5.1/src/libm/mkalias.c:74:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argType1[8], "int a0");
data/sleef-3.5.1/src/libm/mkdisp.c:20:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int wdp = atoi(argv[1]), wsp = atoi(argv[2]);
data/sleef-3.5.1/src/libm/mkdisp.c:20:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int wdp = atoi(argv[1]), wsp = atoi(argv[2]);
data/sleef-3.5.1/src/libm/mkdisp.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ulpSuffix0[100] = "", ulpSuffix1[100] = "_";
data/sleef-3.5.1/src/libm/mkdisp.c:27:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ulpSuffix0, "_u%02d", funcList[i].ulp);
data/sleef-3.5.1/src/libm/mkdisp.c:28:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ulpSuffix1, "_u%02d", funcList[i].ulp);
data/sleef-3.5.1/src/libm/mkmasked_gnuabi.c:25:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int vw = atoi(argv[3]);
data/sleef-3.5.1/src/libm/mkmasked_gnuabi.c:48:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char vparameterStr[7][LEN] = { "v", "vv", "vl8l8", "vv", "v", "vvv", "vl8" };
data/sleef-3.5.1/src/libm/mkmasked_gnuabi.c:51:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char funcname[4][LEN];
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:224:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[64]; \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:243:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[64]; \
data/sleef-3.5.1/src/quad-tester/qiutsimd.c:264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/sleef-3.5.1/src/quad-tester/qtester.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf0[1], buf1[1];
data/sleef-3.5.1/src/quad-tester/qtester.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256]; \
data/sleef-3.5.1/src/quad-tester/qtester.c:634:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[100];
data/sleef-3.5.1/src/quad-tester/qtester.c:650:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv2[argc+2], *commandSde = NULL;
data/sleef-3.5.1/src/quad-tester/qtester.c:678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:245:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%cinf", sign < 0 ? '-' : '+');
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:247:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "nan");
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char es[32];
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:586:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%016llx%016llx", (unsigned long long)c128.h, (unsigned long long)c128.l);
data/sleef-3.5.1/src/quad-tester/tester2simdqp.c:458:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[64];
data/sleef-3.5.1/src/quad/sleefsimdqp.c:2775:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (visnanq_vo_vm2(c128.q)) { sprintf(p, "nan"); return; }
data/sleef-3.5.1/src/quad/sleefsimdqp.c:2784:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (visinfq_vo_vm2(c128.q)) { sprintf(p, "inf"); return; }
data/sleef-3.5.1/src/quad/sleefsimdqp.c:2819:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(p, "%d", e);
data/sleef-3.5.1/src/quad/sleefsimdqp.c:2841:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[200];
data/sleef-3.5.1/src/common/arraymap.c:209:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int idstrlen = strlen(idstr);
data/sleef-3.5.1/src/common/arraymap.c:210:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int prefixLen = strlen(prefix) + 3;
data/sleef-3.5.1/src/common/arraymap.c:229:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixLen = strlen(prefix2);
data/sleef-3.5.1/src/common/arraymap.c:273:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int idstrlen = strlen(idstr);
data/sleef-3.5.1/src/common/arraymap.c:274:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int prefixLen = strlen(prefix) + 3;
data/sleef-3.5.1/src/common/arraymap.c:288:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixLen = strlen(prefix2);
data/sleef-3.5.1/src/common/arraymap.c:325:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(value) + prefixLen >= LINELEN-10) continue;
data/sleef-3.5.1/src/common/arraymap.c:333:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(idstr, sizeof(char), strlen(idstr), fp);
data/sleef-3.5.1/src/dft/dftcommon.c:64:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(c=3;c>=0;c--) if (strncmp(p+1, configStr[c], strlen(configStr[c])) == 0) break;
data/sleef-3.5.1/src/dft/dftcommon.c:66:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(configStr[c]) + 1;
data/sleef-3.5.1/src/dft/dftcommon.c:209:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dftPlanFilePath = malloc(strlen(path)+10);
data/sleef-3.5.1/src/dft/dftcommon.c:217:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archID = malloc(strlen(arch)+10);
data/sleef-3.5.1/src/dft/mkunroll.c:14:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int replaceLen = strlen(replace);
data/sleef-3.5.1/src/dft/mkunroll.c:15:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int patLen = strlen(pat);
data/sleef-3.5.1/src/dft/mkunroll.c:17:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *str = malloc(strlen(in)+1);
data/sleef-3.5.1/src/dft/mkunroll.c:25:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int tail_len = strlen(p + patLen);
data/sleef-3.5.1/src/dft/mkunroll.c:27:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *newstr = malloc(strlen(str) + (replaceLen - patLen) + 1);
data/sleef-3.5.1/src/gencoef/gencoef.c:48:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = malloc(strlen(s) + 20);
data/sleef-3.5.1/src/libm-tester/tester.c:101:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/libm-tester/tester.c:111:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/libm-tester/tester.c:124:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/libm-tester/tester.c:213:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str));
data/sleef-3.5.1/src/libm-tester/tester.c:224:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str));
data/sleef-3.5.1/src/libm-tester/tester.c:236:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/libm-tester/tester.c:246:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/libm-tester/tester.c:259:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/libm-tester/tester.c:350:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str));
data/sleef-3.5.1/src/libm-tester/tester.c:361:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str));
data/sleef-3.5.1/src/libm-tester/tester3.c:130:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp((char *)mes, (char *)buf, strlen((char *)mes)) != 0) { \
data/sleef-3.5.1/src/libm-tester/testerutil.c:69:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(fd, buf, 1);
data/sleef-3.5.1/src/libm/addSuffix.c:29:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(fp);
data/sleef-3.5.1/src/libm/addSuffix.c:40:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c2 = getc(fp);
data/sleef-3.5.1/src/libm/addSuffix.c:50:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fp);
data/sleef-3.5.1/src/libm/addSuffix.c:60:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fp);
data/sleef-3.5.1/src/libm/addSuffix.c:94:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  putc(getc(fp), stdout);
data/sleef-3.5.1/src/libm/addSuffix.c:106:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  putc(getc(fp), stdout);
data/sleef-3.5.1/src/libm/addSuffix.c:117:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c2 = getc(fp);
data/sleef-3.5.1/src/libm/addSuffix.c:151:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) >= 1) buf[strlen(buf)-1] = '\0';
data/sleef-3.5.1/src/libm/addSuffix.c:151:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) >= 1) buf[strlen(buf)-1] = '\0';
data/sleef-3.5.1/src/libm/addSuffix.c:152:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keywords[nkeywords] = malloc(sizeof(char) * (strlen(buf) + 1));
data/sleef-3.5.1/src/libm/mkrename.c:16:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = malloc(strlen(str) + 10);
data/sleef-3.5.1/src/quad-tester/qtester.c:105:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:116:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:129:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:141:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:153:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:164:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:174:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:186:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ptoc[1], str, strlen(str)); \
data/sleef-3.5.1/src/quad-tester/qtester.c:188:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(str, "%63s", ret); \
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:48:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(fd, buf, 1);
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:64:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncmp(str, prefix, strlen(prefix)) == 0;
data/sleef-3.5.1/src/quad-tester/qtesterutil.c:258:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(s, es, digits+10);

ANALYSIS SUMMARY:

Hits = 662
Lines analyzed = 57068 in approximately 2.24 seconds (25452 lines/second)
Physical Source Lines of Code (SLOC) = 45451
Hits@level = [0] 1675 [1] 53 [2] 139 [3] 132 [4] 338 [5] 0
Hits@level+ = [0+] 2337 [1+] 662 [2+] 609 [3+] 470 [4+] 338 [5+] 0
Hits/KSLOC@level+ = [0+] 51.418 [1+] 14.5651 [2+] 13.399 [3+] 10.3408 [4+] 7.43658 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.