Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/dependent_libraries/library1/library1.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/dependent_libraries/library2/library2.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/dependent_libraries/library3/library3.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/dependent_libraries/library3/library3.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/dependent_libraries/library4/library4.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/ANewLibrary-master/anewlibrary.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/Balanduino.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/Kalman.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/PS3BT.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/SPP.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/Wii.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/XBOXRECV.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/adk.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/Balanduino/usbhub.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/FakeAudio/Audio.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/FakeAudio/FakeAudio.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/IRremote/IRremote.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/IRremote/IRremoteInt.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/SPI/SPI.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/SPI/SPI.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/ShouldNotRecurseWithOldLibs/ShouldNotRecurseWithOldLibs.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/ShouldNotRecurseWithOldLibs/ShouldNotRecurseWithOldLibs.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/ShouldNotRecurseWithOldLibs/doc/error.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/ShouldNotRecurseWithOldLibs/utility/utils.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/ShouldNotRecurseWithOldLibs/utility/utils.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/KeyboardController.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/KeyboardController.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/MouseController.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/MouseController.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/Usb.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/Usb.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/UsbCore.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/address.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/adk.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/adk.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/confdescparser.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hexdump.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hid.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hid.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidescriptorparser.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidescriptorparser.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidusagestr.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/macros.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/message.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/message.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/parsetools.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/parsetools.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/printhex.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/sink_parser.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/usb_ch9.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/usbhub.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/usbhub.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/testlib1/testlib1.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/testlib2/testlib2.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/testlib3/testlib3.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/testlib4/testlib4.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch1/header.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch1/src/helper.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch2/empty_1.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch2/empty_2.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_config/config.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_config/src/includes/de bug.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_config/src/includes/de bug.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_function_pointer/CallbackBug.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_subfolders/src/subfolder/other.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_subfolders/src/subfolder/other.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_subfolders/subfolder/dont_load_me.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_subfolders/subfolder/other.h
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/sketch_with_templates_and_shift/template_and_shift.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/user_hardware/my_avr_platform/avr/libraries/SPI/SPI.cpp
Examining data/arduino-builder-1.3.25/src/arduino.cc/builder/test/user_hardware/my_avr_platform/avr/libraries/SPI/SPI.h
FINAL RESULTS:
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/Usb.cpp:180:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rcode = InTransfer(pep, nak_limit, (uint8_t*)&read, dataptr);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/Usb.cpp:195:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
((USBReadParser*)p)->Parse(read, dataptr, total - left);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/adk.h:140:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ( pUsb->ctrlReq(bAddress, 0, bmREQ_ADK_SEND, ADK_SENDSTR, 0, 0, index, strlen(str) + 1, strlen(str) + 1, (uint8_t*)str, NULL));
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/adk.h:140:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ( pUsb->ctrlReq(bAddress, 0, bmREQ_ADK_SEND, ADK_SENDSTR, 0, 0, index, strlen(str) + 1, strlen(str) + 1, (uint8_t*)str, NULL));
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:575:110: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rcode = pUsb->inTransfer(bAddress, epInfo[epInterruptInIndex + i].epAddr, (uint8_t*)&read, buf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:578:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!rcode && read > 2) {
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:580:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pRptParser[i]->Parse((HID*)this, 0, (uint8_t)read, buf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:587:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!rcode && read) {
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:588:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
USBTRACE3("(hidboot.h) Strange read count: ", read, 0x80);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:593:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!rcode && read && (UsbDEBUGlvl > 0x7f)) {
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:594:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(uint8_t i = 0; i < read; i++) {
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hidboot.h:598:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read)
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:385:101: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t rcode = pUsb->inTransfer(bAddress, epInfo[index].epAddr, (uint8_t*)&read, buf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:393:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read > constBuffLen)
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:396:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool identical = BuffersIdentical(read, buf, prevBuf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:398:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SaveBuffer(read, buf, prevBuf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:405:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(uint8_t i = 0; i < read; i++) {
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:412:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ParseHIDData(this, bHasReportId, (uint8_t)read, buf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/hiduniversal.cpp:417:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
prs->Parse(this, bHasReportId, (uint8_t)read, buf);
data/arduino-builder-1.3.25/src/arduino.cc/builder/test/libraries/USBHost/src/usbhub.cpp:246:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rcode = pUsb->inTransfer(bAddress, 1, (uint8_t*)&read, buf);
ANALYSIS SUMMARY:
Hits = 20
Lines analyzed = 9531 in approximately 0.30 seconds (31474 lines/second)
Physical Source Lines of Code (SLOC) = 6801
Hits@level = [0] 17 [1] 20 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 37 [1+] 20 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.44038 [1+] 2.94074 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.