Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/console-braille-1.9/brl-10x7.c Examining data/console-braille-1.9/brl-10x8.c Examining data/console-braille-1.9/brl-11x6.c Examining data/console-braille-1.9/brl-11x8.c Examining data/console-braille-1.9/brl-12x6.c Examining data/console-braille-1.9/brl-12x7.c Examining data/console-braille-1.9/brl-12x8.c Examining data/console-braille-1.9/brl-13x10.c Examining data/console-braille-1.9/brl-13x7.c Examining data/console-braille-1.9/brl-13x8.c Examining data/console-braille-1.9/brl-13x9.c Examining data/console-braille-1.9/brl-14x10.c Examining data/console-braille-1.9/brl-14x7.c Examining data/console-braille-1.9/brl-14x8.c Examining data/console-braille-1.9/brl-14x9.c Examining data/console-braille-1.9/brl-15x8.c Examining data/console-braille-1.9/brl-15x9.c Examining data/console-braille-1.9/brl-16x10.c Examining data/console-braille-1.9/brl-16x11.c Examining data/console-braille-1.9/brl-16x12.c Examining data/console-braille-1.9/brl-16x8.c Examining data/console-braille-1.9/brl-16x9.c Examining data/console-braille-1.9/brl-17x10.c Examining data/console-braille-1.9/brl-17x11.c Examining data/console-braille-1.9/brl-18x10.c Examining data/console-braille-1.9/brl-18x8.c Examining data/console-braille-1.9/brl-18x9.c Examining data/console-braille-1.9/brl-19x11.c Examining data/console-braille-1.9/brl-19x12.c Examining data/console-braille-1.9/brl-19x13.c Examining data/console-braille-1.9/brl-19x8.c Examining data/console-braille-1.9/brl-20x10.c Examining data/console-braille-1.9/brl-20x11.c Examining data/console-braille-1.9/brl-20x12.c Examining data/console-braille-1.9/brl-20x14.c Examining data/console-braille-1.9/brl-20x8.c Examining data/console-braille-1.9/brl-21x13.c Examining data/console-braille-1.9/brl-21x14.c Examining data/console-braille-1.9/brl-21x15.c Examining data/console-braille-1.9/brl-22x11.c Examining data/console-braille-1.9/brl-22x12.c Examining data/console-braille-1.9/brl-24x12.c Examining data/console-braille-1.9/brl-24x8.c Examining data/console-braille-1.9/brl-28x14.c Examining data/console-braille-1.9/brl-28x16.c Examining data/console-braille-1.9/brl-32x16.c Examining data/console-braille-1.9/brl-6x4.c Examining data/console-braille-1.9/brl-6x8.c Examining data/console-braille-1.9/brl-7x8.c Examining data/console-braille-1.9/brl-8x8.c Examining data/console-braille-1.9/brl-9x8.c Examining data/console-braille-1.9/do.h Examining data/console-braille-1.9/gen-psf-block.c Examining data/console-braille-1.9/psf.c Examining data/console-braille-1.9/psf.h Examining data/console-braille-1.9/setbrlkeys.c Examining data/console-braille-1.9/uni.c FINAL RESULTS: data/console-braille-1.9/setbrlkeys.c:143:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/tty", O_RDONLY); data/console-braille-1.9/setbrlkeys.c:145:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/tty0", O_RDONLY); data/console-braille-1.9/uni.c:24:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("0x%02x\t U+28%02x\n",i + atoi(argv[1]),i); ANALYSIS SUMMARY: Hits = 3 Lines analyzed = 2943 in approximately 0.14 seconds (21320 lines/second) Physical Source Lines of Code (SLOC) = 1869 Hits@level = [0] 72 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 75 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 40.1284 [1+] 1.60514 [2+] 1.60514 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.