stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/miniasm-0.3+dfsg/asg.c
Examining data/miniasm-0.3+dfsg/asg.h
Examining data/miniasm-0.3+dfsg/asm.c
Examining data/miniasm-0.3+dfsg/common.c
Examining data/miniasm-0.3+dfsg/dotter.c
Examining data/miniasm-0.3+dfsg/eps.h
Examining data/miniasm-0.3+dfsg/hit.c
Examining data/miniasm-0.3+dfsg/khash.h
Examining data/miniasm-0.3+dfsg/kseq.h
Examining data/miniasm-0.3+dfsg/ksort.h
Examining data/miniasm-0.3+dfsg/kvec.h
Examining data/miniasm-0.3+dfsg/main.c
Examining data/miniasm-0.3+dfsg/miniasm.h
Examining data/miniasm-0.3+dfsg/paf.c
Examining data/miniasm-0.3+dfsg/paf.h
Examining data/miniasm-0.3+dfsg/sdict.c
Examining data/miniasm-0.3+dfsg/sdict.h
Examining data/miniasm-0.3+dfsg/sys.c
Examining data/miniasm-0.3+dfsg/sys.h
Examining data/miniasm-0.3+dfsg/kdq.h

FINAL RESULTS:

data/miniasm-0.3+dfsg/dotter.c:68:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "m:i:s:w:f:Ld")) >= 0) {
data/miniasm-0.3+dfsg/main.c:44:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "n:m:s:c:S:i:d:g:o:h:I:r:f:e:p:12VBRbF:")) >= 0) {
data/miniasm-0.3+dfsg/asm.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[32];
data/miniasm-0.3+dfsg/asm.c:83:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(name, "utg%.6d%c", i + 1, "lc"[p->circ]);
data/miniasm-0.3+dfsg/dotter.c:69:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (c == 'm') min_match = atoi(optarg);
data/miniasm-0.3+dfsg/dotter.c:71:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 's') min_span = atoi(optarg);
data/miniasm-0.3+dfsg/dotter.c:72:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'w') width = atoi(optarg);
data/miniasm-0.3+dfsg/dotter.c:73:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'f') font_size = atoi(optarg);
data/miniasm-0.3+dfsg/eps.h:8:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define eps_open(s) fopen((s),"w+")
data/miniasm-0.3+dfsg/kseq.h:135:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str->s + str->l, ks->buf + ks->begin, i - ks->begin);  \
data/miniasm-0.3+dfsg/kvec.h:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((v1).a, (v0).a, sizeof(type) * (v0).n);		\
data/miniasm-0.3+dfsg/main.c:45:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (c == 'm') opt.min_match = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:47:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 's') opt.min_span = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:48:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'c') opt.min_dp = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:49:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'o') opt.min_ovlp = atoi(optarg), o_set = 1;
data/miniasm-0.3+dfsg/main.c:50:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'S') stage = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:51:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'd') opt.bub_dist = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:52:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'g') opt.gap_fuzz = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:53:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'h') opt.max_hang = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:55:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'e') opt.max_ext = atoi(optarg);
data/miniasm-0.3+dfsg/main.c:60:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (c == 'n') opt.n_rounds = atoi(optarg) - 1;
data/miniasm-0.3+dfsg/sys.c:40:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 3231 in approximately 0.13 seconds (25781 lines/second)
Physical Source Lines of Code (SLOC) = 2530
Hits@level = [0] 117 [1]   0 [2]  20 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+] 139 [1+]  22 [2+]  22 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 54.9407 [1+] 8.69565 [2+] 8.69565 [3+] 0.790514 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.