Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vspline-1.0.1/basis.h
Examining data/vspline-1.0.1/bootstrap.cc
Examining data/vspline-1.0.1/brace.h
Examining data/vspline-1.0.1/bspline.h
Examining data/vspline-1.0.1/common.h
Examining data/vspline-1.0.1/convolve.h
Examining data/vspline-1.0.1/domain.h
Examining data/vspline-1.0.1/doxy.h
Examining data/vspline-1.0.1/eval.h
Examining data/vspline-1.0.1/example/anytype.cc
Examining data/vspline-1.0.1/example/basis_sample.cc
Examining data/vspline-1.0.1/example/bls.cpp
Examining data/vspline-1.0.1/example/ca_correct.cc
Examining data/vspline-1.0.1/example/channels.cc
Examining data/vspline-1.0.1/example/complex.cc
Examining data/vspline-1.0.1/example/eval.cc
Examining data/vspline-1.0.1/example/gradient.cc
Examining data/vspline-1.0.1/example/gradient2.cc
Examining data/vspline-1.0.1/example/grind.cc
Examining data/vspline-1.0.1/example/grok.cc
Examining data/vspline-1.0.1/example/gsm.cc
Examining data/vspline-1.0.1/example/gsm2.cc
Examining data/vspline-1.0.1/example/impulse_response.cc
Examining data/vspline-1.0.1/example/int_spline.cc
Examining data/vspline-1.0.1/example/mandelbrot.cc
Examining data/vspline-1.0.1/example/metafilter.cc
Examining data/vspline-1.0.1/example/metafilter3.cc
Examining data/vspline-1.0.1/example/n_shift.cc
Examining data/vspline-1.0.1/example/polish.cc
Examining data/vspline-1.0.1/example/quickstart.cc
Examining data/vspline-1.0.1/example/restore_test.cc
Examining data/vspline-1.0.1/example/roundtrip.cc
Examining data/vspline-1.0.1/example/scope_test.cc
Examining data/vspline-1.0.1/example/self_test.cc
Examining data/vspline-1.0.1/example/slice.cc
Examining data/vspline-1.0.1/example/slice2.cc
Examining data/vspline-1.0.1/example/slice3.cc
Examining data/vspline-1.0.1/example/splinus.cc
Examining data/vspline-1.0.1/example/use_map.cc
Examining data/vspline-1.0.1/example/verify.cc
Examining data/vspline-1.0.1/extrapolate.h
Examining data/vspline-1.0.1/filter.h
Examining data/vspline-1.0.1/general_filter.h
Examining data/vspline-1.0.1/map.h
Examining data/vspline-1.0.1/multithread.h
Examining data/vspline-1.0.1/poles.h
Examining data/vspline-1.0.1/prefilter.h
Examining data/vspline-1.0.1/thread_pool.h
Examining data/vspline-1.0.1/transform.h
Examining data/vspline-1.0.1/unary_functor.h
Examining data/vspline-1.0.1/vector.h
Examining data/vspline-1.0.1/vspline.h
Examining data/vspline-1.0.1/wielding.h

FINAL RESULTS:

data/vspline-1.0.1/example/anytype.cc:63:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char padding[12] ; // just for 'padding'
data/vspline-1.0.1/example/basis_sample.cc:117:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/basis_sample.cc:121:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bool normalize = std::atoi ( argv[4] ) ;
data/vspline-1.0.1/example/bls.cpp:105:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/bls.cpp:109:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int iterations = std::max ( 1 , std::atoi ( argv[2] ) ) ;
data/vspline-1.0.1/example/eval.cc:88:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TIMES = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/grind.cc:218:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/impulse_response.cc:84:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/n_shift.cc:84:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/n_shift.cc:88:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int iterations = 1 + std::atoi ( argv[2] ) ;
data/vspline-1.0.1/example/polish.cc:224:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/restore_test.cc:550:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  test_dim = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/splinus.cc:65:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int degree = std::atoi ( argv[1] ) ;

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 26664 in approximately 0.67 seconds (39942 lines/second)
Physical Source Lines of Code (SLOC) = 12248
Hits@level = [0] 0 [1] 0 [2] 13 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 13 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.0614 [1+] 1.0614 [2+] 1.0614 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.