Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_CPP_test/fact.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_CPP_test/fact.hpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_CPP_test/main.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_CPP_test/mult.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_CPP_test/mult.hpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_C_library_test/fact.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_C_library_test/main.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_C_library_test/mult.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_C_test/fact.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_C_test/main.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gcov/org.eclipse.linuxtools.gcov.test/resources/Gcov_C_test/mult.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/bigtest_gprof_input/src/bigtest.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/foocpp_gprof_input/src/foox.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/foox_gprof_input/src/foox.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/resources/fibTest/fib.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/resources/fibTest2/fib.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/oprofile/org.eclipse.linuxtools.oprofile.launch.tests/resources/primeTest/primeTest.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/oprofile/org.eclipse.linuxtools.oprofile.launch.tests/resources/sleepTest/sleepTest.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/perf/org.eclipse.linuxtools.perf.swtbot.tests/resources/fibTest/fib.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/perf/org.eclipse.linuxtools.perf.tests/resources/fibTest/fib.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/profiling/org.eclipse.linuxtools.profiling.provider.tests/resources/fibTest/fib.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/profiling/org.eclipse.linuxtools.remote.proxy.tests/resources/localTestProject/main.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/profiling/org.eclipse.linuxtools.remote.proxy.tests/resources/syncTestProject/main.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/systemtap/org.eclipse.linuxtools.callgraph.launch.tests/resources/basicTest/main.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/systemtap/org.eclipse.linuxtools.callgraph.launch.tests/resources/basicTest/uncalled.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.cachegrind.tests/resources/basicTest/test.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.cachegrind.tests/resources/cpptest/cpptest.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.cachegrind.tests/resources/cpptest/cpptest.h
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.cachegrind.tests/resources/multiProcTest/parent.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.helgrind.tests/resources/basicTest/test.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.helgrind.tests/resources/cpptest/cpptest.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.helgrind.tests/resources/cpptest/cpptest.h
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.helgrind.tests/resources/multiProcTest/parent.cpp
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.massif.tests/resources/alloctest/alloctest.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.massif.tests/resources/basicTest/test.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.massif.tests/resources/multiProcTest/parent.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.memcheck.tests/resources/basicTest/test.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.memcheck.tests/resources/linkedTest/src/test.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.memcheck.tests/resources/multiProcTest/parent.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.memcheck.tests/resources/segvtest/main.c
Examining data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.ui.tests/resources/wrongDeallocTest/wrongDealloc.cpp

FINAL RESULTS:

data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.cachegrind.tests/resources/multiProcTest/parent.cpp:37:3: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv("../cpptest/Debug/cpptest", NULL);
data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.helgrind.tests/resources/multiProcTest/parent.cpp:37:3: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv("../cpptest/Debug/cpptest", NULL);
data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.massif.tests/resources/multiProcTest/parent.c:16:3: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv("../alloctest/Debug/alloctest", NULL);
data/eclipse-linuxtools-7.4.0+dfsg.1/valgrind/org.eclipse.linuxtools.valgrind.memcheck.tests/resources/multiProcTest/parent.c:11:3: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv("../basicTest/Debug/basicTest", NULL);
data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/resources/fibTest/fib.cpp:32:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << atoi(argv[1]) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/resources/fibTest/fib.cpp:33:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << leftfib(atoi(argv[1])) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/resources/fibTest2/fib.cpp:32:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << atoi(argv[1]) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/gprof/org.eclipse.linuxtools.gprof.test/resources/fibTest2/fib.cpp:33:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << leftfib(atoi(argv[1])) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/perf/org.eclipse.linuxtools.perf.swtbot.tests/resources/fibTest/fib.cpp:32:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << atoi(argv[1]) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/perf/org.eclipse.linuxtools.perf.swtbot.tests/resources/fibTest/fib.cpp:33:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << leftfib(atoi(argv[1])) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/perf/org.eclipse.linuxtools.perf.tests/resources/fibTest/fib.cpp:32:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << atoi(argv[1]) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/perf/org.eclipse.linuxtools.perf.tests/resources/fibTest/fib.cpp:33:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << leftfib(atoi(argv[1])) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/profiling/org.eclipse.linuxtools.profiling.provider.tests/resources/fibTest/fib.cpp:30:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << atoi(argv[1]) << endl;
data/eclipse-linuxtools-7.4.0+dfsg.1/profiling/org.eclipse.linuxtools.profiling.provider.tests/resources/fibTest/fib.cpp:31:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cout << leftfib(atoi(argv[1])) << endl;

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 18446 in approximately 14.77 seconds (1249 lines/second)
Physical Source Lines of Code (SLOC) = 16025
Hits@level = [0] 1009 [1] 0 [2] 10 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 1023 [1+] 14 [2+] 14 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 63.8378 [1+] 0.873635 [2+] 0.873635 [3+] 0.24961 [4+] 0.24961 [5+] 0
Dot directories skipped = 105 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.