Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/console-braille-1.9/brl-10x7.c
Examining data/console-braille-1.9/brl-10x8.c
Examining data/console-braille-1.9/brl-11x6.c
Examining data/console-braille-1.9/brl-11x8.c
Examining data/console-braille-1.9/brl-12x6.c
Examining data/console-braille-1.9/brl-12x7.c
Examining data/console-braille-1.9/brl-12x8.c
Examining data/console-braille-1.9/brl-13x10.c
Examining data/console-braille-1.9/brl-13x7.c
Examining data/console-braille-1.9/brl-13x8.c
Examining data/console-braille-1.9/brl-13x9.c
Examining data/console-braille-1.9/brl-14x10.c
Examining data/console-braille-1.9/brl-14x7.c
Examining data/console-braille-1.9/brl-14x8.c
Examining data/console-braille-1.9/brl-14x9.c
Examining data/console-braille-1.9/brl-15x8.c
Examining data/console-braille-1.9/brl-15x9.c
Examining data/console-braille-1.9/brl-16x10.c
Examining data/console-braille-1.9/brl-16x11.c
Examining data/console-braille-1.9/brl-16x12.c
Examining data/console-braille-1.9/brl-16x8.c
Examining data/console-braille-1.9/brl-16x9.c
Examining data/console-braille-1.9/brl-17x10.c
Examining data/console-braille-1.9/brl-17x11.c
Examining data/console-braille-1.9/brl-18x10.c
Examining data/console-braille-1.9/brl-18x8.c
Examining data/console-braille-1.9/brl-18x9.c
Examining data/console-braille-1.9/brl-19x11.c
Examining data/console-braille-1.9/brl-19x12.c
Examining data/console-braille-1.9/brl-19x13.c
Examining data/console-braille-1.9/brl-19x8.c
Examining data/console-braille-1.9/brl-20x10.c
Examining data/console-braille-1.9/brl-20x11.c
Examining data/console-braille-1.9/brl-20x12.c
Examining data/console-braille-1.9/brl-20x14.c
Examining data/console-braille-1.9/brl-20x8.c
Examining data/console-braille-1.9/brl-21x13.c
Examining data/console-braille-1.9/brl-21x14.c
Examining data/console-braille-1.9/brl-21x15.c
Examining data/console-braille-1.9/brl-22x11.c
Examining data/console-braille-1.9/brl-22x12.c
Examining data/console-braille-1.9/brl-24x12.c
Examining data/console-braille-1.9/brl-24x8.c
Examining data/console-braille-1.9/brl-28x14.c
Examining data/console-braille-1.9/brl-28x16.c
Examining data/console-braille-1.9/brl-32x16.c
Examining data/console-braille-1.9/brl-6x4.c
Examining data/console-braille-1.9/brl-6x8.c
Examining data/console-braille-1.9/brl-7x8.c
Examining data/console-braille-1.9/brl-8x8.c
Examining data/console-braille-1.9/brl-9x8.c
Examining data/console-braille-1.9/do.h
Examining data/console-braille-1.9/gen-psf-block.c
Examining data/console-braille-1.9/psf.c
Examining data/console-braille-1.9/psf.h
Examining data/console-braille-1.9/setbrlkeys.c
Examining data/console-braille-1.9/uni.c
FINAL RESULTS:
data/console-braille-1.9/setbrlkeys.c:143:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/tty", O_RDONLY);
data/console-braille-1.9/setbrlkeys.c:145:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/tty0", O_RDONLY);
data/console-braille-1.9/uni.c:24:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("0x%02x\t U+28%02x\n",i + atoi(argv[1]),i);
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 2943 in approximately 0.14 seconds (21320 lines/second)
Physical Source Lines of Code (SLOC) = 1869
Hits@level = [0] 72 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 75 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 40.1284 [1+] 1.60514 [2+] 1.60514 [3+] 0 [4+] 0 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.