Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/EvdevTester.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/EvdevTester.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Tester.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Tester.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/calibrator.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/main_gtkmm.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/main_x11.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/tester.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/gui/gui_common.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/gui/gtkmm.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/gui/x11.hpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/gui/x11.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/gui/gui_common.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/gui/gtkmm.cpp
Examining data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp
FINAL RESULTS:
data/xinput-calibrator-0.7.5+git20140201/src/calibrator.cpp:216:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(filename, "%s/%s/%s", SYSFS_INPUT, ep->d_name, SYSFS_DEVNAME);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:531:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, " MatchProduct \"%s\"\n", sysfs_name);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:575:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "<match key=\"info.product\" contains=\"%s\">\n", sysfs_name);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:613:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, " xinput set-int-prop \"%s\" \"Evdev Axis Calibration\" 32 %d %d %d %d\n", device_name, new_axys.x.min, new_axys.x.max, new_axys.y.min, new_axys.y.max);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:615:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, " xinput set-int-prop \"%s\" \"Evdev Axes Swap\" 8 %d\n", device_name, new_axys.swap_xy);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:131:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_opt, "%s %s=%d %s=%d %s=%d %s=%d %s=%d %s=%d %s=%c %s=%c %s=%c %s=%c\n",
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:155:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", module_prefix, param);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:170:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", module_prefix, param);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:186:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", module_prefix, param);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:200:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", module_prefix, param);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:83:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, " MatchProduct \"%s\"\n", sysfs_name);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:136:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "<match key=\"info.product\" contains=\"%s\">\n", sysfs_name);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:106:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(filename, "%s/%s/%s", SYSFS_INPUT, pre_device, SYSFS_DEVNAME);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator.cpp:215:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[40]; // actually 35, but hey...
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:387:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(name);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:411:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(name);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:526:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:533:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"Calibration\" \"%d %d %d %d\"\n",
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:536:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"SwapAxes\" \"%d\"\n", new_axys.swap_xy);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:546:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(output_filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:577:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.calibration\" type=\"string\">%d %d %d %d</merge>\n",
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:580:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.swapaxes\" type=\"string\">%d</merge>\n",
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:589:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(output_filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:610:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:622:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(output_filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:109:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fid = fopen(filename, "r");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[len];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:139:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:156:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fid = fopen(filename, "r");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:171:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fid = fopen(filename, "r");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[3];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:187:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fid = fopen(filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:201:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fid = fopen(filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:85:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"MinX\" \"%d\"\n", new_axys.x.min);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:87:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"MaxX\" \"%d\"\n", new_axys.x.max);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:89:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"MinY\" \"%d\"\n", new_axys.y.min);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:91:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"MaxY\" \"%d\"\n", new_axys.y.max);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:93:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"SwapXY\" \"%d\" # unless it was already set to 1\n", new_axys.swap_xy);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:95:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"InvertX\" \"%d\" # unless it was already set\n", new_axys.x.invert);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:97:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " Option \"InvertY\" \"%d\" # unless it was already set\n", new_axys.y.invert);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:107:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(output_filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:138:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.minx\" type=\"string\">%d</merge>\n", new_axys.x.min);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:140:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.maxx\" type=\"string\">%d</merge>\n", new_axys.x.max);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:142:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.miny\" type=\"string\">%d</merge>\n", new_axys.y.min);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:144:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.maxy\" type=\"string\">%d</merge>\n", new_axys.y.max);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:146:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.swapxy\" type=\"string\">%d</merge>\n", new_axys.swap_xy);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:148:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.invertx\" type=\"string\">%d</merge>\n", new_axys.x.invert);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:150:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, " <merge key=\"input.x11_options.inverty\" type=\"string\">%d</merge>\n", new_axys.y.invert);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/XorgPrint.cpp:160:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fid = fopen(output_filename, "w");
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:48:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (char*) memcpy(p, s, len);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:105:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[40]; // actually 35, but hey...
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:131:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((pre_device_is_id && list->id == (XID) atoi(pre_device)) ||
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:258:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pre_axys.x.min = atoi(argv[++i]);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:260:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pre_axys.x.max = atoi(argv[++i]);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:262:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pre_axys.y.min = atoi(argv[++i]);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:264:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pre_axys.y.max = atoi(argv[++i]);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:270:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thr_misclick = atoi(argv[++i]);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator.cpp:213:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ep->d_name, "event", strlen("event")) == 0) {
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Evdev.cpp:399:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(name);
data/xinput-calibrator-0.7.5+git20140201/src/calibrator/Usbtouchscreen.cpp:120:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int opt_len = strlen(opt);
data/xinput-calibrator-0.7.5+git20140201/src/gui/x11.cpp:339:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int text_width = XTextWidth(font_info, msg, strlen(msg));
data/xinput-calibrator-0.7.5+git20140201/src/gui/x11.cpp:348:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawString(display, win, gc, x, y, msg, strlen(msg));
data/xinput-calibrator-0.7.5+git20140201/src/gui/x11.cpp:362:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(instance->timer_fd, &missed, sizeof (missed));
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:42:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s) + 1;
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:90:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(pre_device);
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:102:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(pre_device) < strlen("event") + 4 &&
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:102:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(pre_device) < strlen("event") + 4 &&
data/xinput-calibrator-0.7.5+git20140201/src/main_common.cpp:103:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(pre_device, "event", strlen("event")) == 0 ) {
ANALYSIS SUMMARY:
Hits = 75
Lines analyzed = 3439 in approximately 0.13 seconds (27214 lines/second)
Physical Source Lines of Code (SLOC) = 2169
Hits@level = [0] 140 [1] 11 [2] 51 [3] 0 [4] 13 [5] 0
Hits@level+ = [0+] 215 [1+] 75 [2+] 64 [3+] 13 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 99.124 [1+] 34.5781 [2+] 29.5067 [3+] 5.99355 [4+] 5.99355 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.