Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spline-1.2/utils.h
Examining data/spline-1.2/aspline.c
Examining data/spline-1.2/utils.c
FINAL RESULTS:
data/spline-1.2/aspline.c:377:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "a:?hl:n:u:vVW",
data/spline-1.2/aspline.c:306:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile=fopen(inname, "r");
data/spline-1.2/aspline.c:387:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': d=atoi(optarg); break;
data/spline-1.2/aspline.c:43:58: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
void computelimits(int s, int e, double *llimit, double *ulimit);
data/spline-1.2/aspline.c:44:67: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
void calcspline(int n, int d, double xstep, double llimit, double ulimit,
data/spline-1.2/aspline.c:47:67: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
int d, double xstep, double llimit, double ulimit,
data/spline-1.2/aspline.c:150:58: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
void computelimits(int s, int e, double *llimit, double *ulimit)
data/spline-1.2/aspline.c:158:17: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if (x[i] > *ulimit) *ulimit=x[i];
data/spline-1.2/aspline.c:162:67: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
void calcspline(int n, int d, double xstep, double llimit, double ulimit,
data/spline-1.2/aspline.c:178:50: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if (calclimit) computelimits(0,n,&llimit, &ulimit);
data/spline-1.2/aspline.c:271:52: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if (calclimit) computelimits(2,n-2,&llimit, &ulimit);
data/spline-1.2/aspline.c:298:67: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
int d, double xstep, double llimit, double ulimit,
data/spline-1.2/aspline.c:336:41: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
calcspline(n, d, xstep, llimit, ulimit, calclimit); (*s)++;
data/spline-1.2/aspline.c:364:25: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
double xstep, llimit, ulimit; /* x-spacing, lower limit, upper limit */
data/spline-1.2/aspline.c:403:7: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if (ulimit < llimit) {
data/spline-1.2/aspline.c:406:10: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
temp=ulimit; ulimit=llimit; llimit=temp;
data/spline-1.2/aspline.c:415:43: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
d, xstep, llimit, ulimit, calclimit, verbose,
data/spline-1.2/aspline.c:426:41: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
d, xstep, llimit, ulimit, calclimit, verbose,
data/spline-1.2/utils.c:72:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c=fgetc(stream)) != EOF) && (c != '\n')) {
ANALYSIS SUMMARY:
Hits = 19
Lines analyzed = 550 in approximately 0.03 seconds (16479 lines/second)
Physical Source Lines of Code (SLOC) = 355
Hits@level = [0] 15 [1] 16 [2] 2 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 34 [1+] 19 [2+] 3 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 95.7746 [1+] 53.5211 [2+] 8.4507 [3+] 2.8169 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.