Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/topcom-0.17.8+ds/lib-src-reg/LPinterface.cc
Examining data/topcom-0.17.8+ds/lib-src-reg/RegularityCheck.cc
Examining data/topcom-0.17.8+ds/lib-src-reg/SPXinterface.cc
Examining data/topcom-0.17.8+ds/lib-src/Admissibles.cc
Examining data/topcom-0.17.8+ds/lib-src/CheckTriang.cc
Examining data/topcom-0.17.8+ds/lib-src/Circuits.cc
Examining data/topcom-0.17.8+ds/lib-src/Cocircuits.cc
Examining data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc
Examining data/topcom-0.17.8+ds/lib-src/CompressedIntegerSet.cc
Examining data/topcom-0.17.8+ds/lib-src/ComputeTriangs.cc
Examining data/topcom-0.17.8+ds/lib-src/Facets.cc
Examining data/topcom-0.17.8+ds/lib-src/FastSimplicialComplex.cc
Examining data/topcom-0.17.8+ds/lib-src/Field.cc
Examining data/topcom-0.17.8+ds/lib-src/FineTriang.cc
Examining data/topcom-0.17.8+ds/lib-src/Flip.cc
Examining data/topcom-0.17.8+ds/lib-src/IndexTableArray.cc
Examining data/topcom-0.17.8+ds/lib-src/IntegerSet.cc
Examining data/topcom-0.17.8+ds/lib-src/InteriorFacets.cc
Examining data/topcom-0.17.8+ds/lib-src/MarkedFlips.cc
Examining data/topcom-0.17.8+ds/lib-src/Matrix.cc
Examining data/topcom-0.17.8+ds/lib-src/Permutation.cc
Examining data/topcom-0.17.8+ds/lib-src/PlacingTriang.cc
Examining data/topcom-0.17.8+ds/lib-src/PointConfiguration.cc
Examining data/topcom-0.17.8+ds/lib-src/RealChiro.cc
Examining data/topcom-0.17.8+ds/lib-src/SimplicialComplex.cc
Examining data/topcom-0.17.8+ds/lib-src/SimplicialComplexTemplate.cc
Examining data/topcom-0.17.8+ds/lib-src/SparseIntegerSet.cc
Examining data/topcom-0.17.8+ds/lib-src/SparseSimplicialComplex.cc
Examining data/topcom-0.17.8+ds/lib-src/StairCaseMatrix.cc
Examining data/topcom-0.17.8+ds/lib-src/Symmetry.cc
Examining data/topcom-0.17.8+ds/lib-src/TriangFlips.cc
Examining data/topcom-0.17.8+ds/lib-src/TriangNode.cc
Examining data/topcom-0.17.8+ds/lib-src/Vector.cc
Examining data/topcom-0.17.8+ds/lib-src/VertexFacetTable.cc
Examining data/topcom-0.17.8+ds/lib-src/VertexFacetTableArray.cc
Examining data/topcom-0.17.8+ds/lib-src/VirtualChiro.cc
Examining data/topcom-0.17.8+ds/lib-src/SymmetricBFS.cc
Examining data/topcom-0.17.8+ds/src-reg/checkregularity.cc
Examining data/topcom-0.17.8+ds/src/B_A.cc
Examining data/topcom-0.17.8+ds/src/B_A_center.cc
Examining data/topcom-0.17.8+ds/src/B_D.cc
Examining data/topcom-0.17.8+ds/src/chiro2allfinetriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2alltriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2circuits.cc
Examining data/topcom-0.17.8+ds/src/chiro2cocircuits.cc
Examining data/topcom-0.17.8+ds/src/chiro2dual.cc
Examining data/topcom-0.17.8+ds/src/chiro2finetriang.cc
Examining data/topcom-0.17.8+ds/src/chiro2finetriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2mintriang.cc
Examining data/topcom-0.17.8+ds/src/chiro2nallfinetriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2nalltriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2nfinetriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2ntriangs.cc
Examining data/topcom-0.17.8+ds/src/chiro2placingtriang.cc
Examining data/topcom-0.17.8+ds/src/chiro2triangs.cc
Examining data/topcom-0.17.8+ds/src/cocircuits2facets.cc
Examining data/topcom-0.17.8+ds/src/cross.cc
Examining data/topcom-0.17.8+ds/src/cube.cc
Examining data/topcom-0.17.8+ds/src/cyclic.cc
Examining data/topcom-0.17.8+ds/src/hypersimplex.cc
Examining data/topcom-0.17.8+ds/src/lattice.cc
Examining data/topcom-0.17.8+ds/src/points2allfinetriangs.cc
Examining data/topcom-0.17.8+ds/src/points2alltriangs.cc
Examining data/topcom-0.17.8+ds/src/points2chiro.cc
Examining data/topcom-0.17.8+ds/src/points2facets.cc
Examining data/topcom-0.17.8+ds/src/points2finetriang.cc
Examining data/topcom-0.17.8+ds/src/points2finetriangs.cc
Examining data/topcom-0.17.8+ds/src/points2flips.cc
Examining data/topcom-0.17.8+ds/src/points2nallfinetriangs.cc
Examining data/topcom-0.17.8+ds/src/points2nalltriangs.cc
Examining data/topcom-0.17.8+ds/src/points2nfinetriangs.cc
Examining data/topcom-0.17.8+ds/src/points2nflips.cc
Examining data/topcom-0.17.8+ds/src/points2ntriangs.cc
Examining data/topcom-0.17.8+ds/src/points2placingtriang.cc
Examining data/topcom-0.17.8+ds/src/points2triangs.cc
Examining data/topcom-0.17.8+ds/src/points2volume.cc
Examining data/topcom-0.17.8+ds/src/santos_22_triang.cc
Examining data/topcom-0.17.8+ds/src/santos_dim4_triang.cc
Examining data/topcom-0.17.8+ds/src/santos_triang.cc
Examining data/topcom-0.17.8+ds/wrap-gmp-gmpxx/Integer.h
Examining data/topcom-0.17.8+ds/wrap-gmp-gmpxx/Rational.h

FINAL RESULTS:

data/topcom-0.17.8+ds/lib-src/RealChiro.cc:52:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  size_type random_index(random() % this->size());
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:132:33: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _report_frequency = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:180:38: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _sometimes_frequency = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:194:38: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _sometimes_frequency = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:204:32: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _no_of_simplices = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:264:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _chirocache = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:271:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _localcache = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:278:31: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _dump_frequency = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/CommandlineOptions.cc:286:31: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _dump_rotations = (size_type)atol(argv[i+1]);
data/topcom-0.17.8+ds/lib-src/SymmetricBFS.cc:500:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _dump_str.open(filename_str.str().c_str(), std::ios::out | std::ios::trunc);
data/topcom-0.17.8+ds/src/B_A.cc:12:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  parameter_type n = atoi(argv[1]);
data/topcom-0.17.8+ds/src/B_A_center.cc:12:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  parameter_type n = atoi(argv[1]);
data/topcom-0.17.8+ds/src/B_D.cc:13:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  parameter_type n = atoi(argv[1]);
data/topcom-0.17.8+ds/src/cross.cc:16:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type d(atol(argv[1]));
data/topcom-0.17.8+ds/src/cube.cc:55:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type d(atol(argv[1]));
data/topcom-0.17.8+ds/src/cyclic.cc:11:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type n = atoi(argv[1]);
data/topcom-0.17.8+ds/src/cyclic.cc:12:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type d = atoi(argv[2]);
data/topcom-0.17.8+ds/src/hypersimplex.cc:49:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type sum(atol(argv[1]));
data/topcom-0.17.8+ds/src/hypersimplex.cc:50:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type dim(atol(argv[2]));
data/topcom-0.17.8+ds/src/lattice.cc:17:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type m(atol(argv[1]));
data/topcom-0.17.8+ds/src/lattice.cc:18:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_type n(atol(argv[2]));
data/topcom-0.17.8+ds/lib-src/CompressedIntegerSet.cc:678:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& CompressedIntegerSet::read(std::istream& ist) {
data/topcom-0.17.8+ds/lib-src/CompressedIntegerSet.cc:680:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader.read(ist);
data/topcom-0.17.8+ds/lib-src/ComputeTriangs.cc:180:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!points.read(std::cin)) {
data/topcom-0.17.8+ds/lib-src/ComputeTriangs.cc:278:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!points.read(std::cin)) {
data/topcom-0.17.8+ds/lib-src/ComputeTriangs.cc:302:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (symmetries.read(std::cin)) {
data/topcom-0.17.8+ds/lib-src/ComputeTriangs.cc:322:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!seed.read(std::cin)) {
data/topcom-0.17.8+ds/lib-src/Facets.cc:78:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& Facets::read(std::istream& ist) {
data/topcom-0.17.8+ds/lib-src/IntegerSet.cc:1347:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& IntegerSet::read(std::istream& ist) {
data/topcom-0.17.8+ds/lib-src/SparseIntegerSet.cc:242:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& SparseIntegerSet::read(std::istream& ist) {
data/topcom-0.17.8+ds/lib-src/SymmetricBFS.cc:513:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::istream& SymmetricBFS::read(std::istream& ist) {
data/topcom-0.17.8+ds/src-reg/checkregularity.cc:12:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!points.read(std::cin)) {
data/topcom-0.17.8+ds/src-reg/checkregularity.cc:19:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  symmetries.read(std::cin);
data/topcom-0.17.8+ds/src-reg/checkregularity.cc:24:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (triang.read(std::cin)) {
data/topcom-0.17.8+ds/src/points2facets.cc:20:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (points.read(std::cin)) {

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 11329 in approximately 0.32 seconds (35941 lines/second)
Physical Source Lines of Code (SLOC) = 9617
Hits@level = [0] 0 [1] 14 [2] 20 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 35 [1+] 35 [2+] 21 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.63939 [1+] 3.63939 [2+] 2.18363 [3+] 0.103983 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.