Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsimpleini-4.17+dfsg/snippets.cpp
Examining data/libsimpleini-4.17+dfsg/test1.cpp
Examining data/libsimpleini-4.17+dfsg/testsi.cpp
Examining data/libsimpleini-4.17+dfsg/SimpleIni.cpp
Examining data/libsimpleini-4.17+dfsg/SimpleIni.h

FINAL RESULTS:

data/libsimpleini-4.17+dfsg/SimpleIni.h:2047:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szInput, a_bUseHex ? "0x%lx" : "%ld", a_nValue);
data/libsimpleini-4.17+dfsg/testsi.cpp:36:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define _tprintf   printf
data/libsimpleini-4.17+dfsg/SimpleIni.h:1307:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(a_pszFile, "rb");
data/libsimpleini-4.17+dfsg/SimpleIni.h:1336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFile[256];
data/libsimpleini-4.17+dfsg/SimpleIni.h:1467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[512];
data/libsimpleini-4.17+dfsg/SimpleIni.h:1841:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pCopy, a_pString, sizeof(SI_CHAR)*uLen);
data/libsimpleini-4.17+dfsg/SimpleIni.h:2003:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[64] = { 0 };
data/libsimpleini-4.17+dfsg/SimpleIni.h:2043:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szInput[64];
data/libsimpleini-4.17+dfsg/SimpleIni.h:2074:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[64] = { 0 };
data/libsimpleini-4.17+dfsg/SimpleIni.h:2105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char szInput[64];
data/libsimpleini-4.17+dfsg/SimpleIni.h:2109:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(szInput, "%f", a_nValue);
data/libsimpleini-4.17+dfsg/SimpleIni.h:2323:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(a_pszFile, "wb");
data/libsimpleini-4.17+dfsg/SimpleIni.h:2351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFile[256];
data/libsimpleini-4.17+dfsg/SimpleIni.h:2736:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(a_pOutputData, a_pInputData, a_uInputDataLen);
data/libsimpleini-4.17+dfsg/SimpleIni.h:2782:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(a_pOutputData, a_pInputData, uInputLen);
data/libsimpleini-4.17+dfsg/SimpleIni.h:3269:22:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        int retval = MultiByteToWideChar(
data/libsimpleini-4.17+dfsg/SimpleIni.h:3295:21:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        int nSize = MultiByteToWideChar(
data/libsimpleini-4.17+dfsg/test1.cpp:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[1024];
data/libsimpleini-4.17+dfsg/test1.cpp:59:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(a_pszFile1, "rb");
data/libsimpleini-4.17+dfsg/test1.cpp:72:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(a_pszFile2, "rb");
data/libsimpleini-4.17+dfsg/test1.cpp:117:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char * rgszTestFile[3] = {
data/libsimpleini-4.17+dfsg/test1.cpp:133:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        instream.open(rgszTestFile[0], std::ifstream::in | std::ifstream::binary);
data/libsimpleini-4.17+dfsg/test1.cpp:149:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        outfile.open(rgszTestFile[1], std::ofstream::out | std::ofstream::binary);
data/libsimpleini-4.17+dfsg/testsi.cpp:158:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    instream.open(a_pszFile, std::ifstream::in | std::ifstream::binary);
data/libsimpleini-4.17+dfsg/testsi.cpp:171:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    outstream.open("testsi-out-streams.ini", std::ofstream::out | std::ofstream::binary);
data/libsimpleini-4.17+dfsg/testsi.cpp:211:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen("testsi-out-comment.ini", "wb");
data/libsimpleini-4.17+dfsg/SimpleIni.h:1828:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uLen = strlen((const char *)a_pString);
data/libsimpleini-4.17+dfsg/SimpleIni.h:1831:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uLen = wcslen((const wchar_t *)a_pString);
data/libsimpleini-4.17+dfsg/SimpleIni.h:2053:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c.ConvertFromStore(szInput, strlen(szInput) + 1, 
data/libsimpleini-4.17+dfsg/SimpleIni.h:2115:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	c.ConvertFromStore(szInput, strlen(szInput) + 1, 
data/libsimpleini-4.17+dfsg/SimpleIni.h:2176:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c.ConvertFromStore(pszInput, strlen(pszInput) + 1, 
data/libsimpleini-4.17+dfsg/SimpleIni.h:2754:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen((const char *)a_pInputData) + 1;
data/libsimpleini-4.17+dfsg/SimpleIni.h:2776:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t uInputLen = strlen((const char *)a_pInputData) + 1;

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 3997 in approximately 0.11 seconds (35828 lines/second)
Physical Source Lines of Code (SLOC) = 2298
Hits@level = [0]  13 [1]   7 [2]  24 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  46 [1+]  33 [2+]  26 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 20.0174 [1+] 14.3603 [2+] 11.3142 [3+] 0.870322 [4+] 0.870322 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.