stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/derivations-0.56.20180123.1/btool/test.cc
Examining data/derivations-0.56.20180123.1/btool/TOC/Table.cc
Examining data/derivations-0.56.20180123.1/btool/TOC/Table.h
Examining data/derivations-0.56.20180123.1/btool/TOC/def.h
Examining data/derivations-0.56.20180123.1/btool/TOC/Sect_level.h
Examining data/derivations-0.56.20180123.1/btool/complete-pdf.cc
Examining data/derivations-0.56.20180123.1/btool/Page_no/PS_page_numbering.cc
Examining data/derivations-0.56.20180123.1/btool/Page_no/PS_page_numbering.h
Examining data/derivations-0.56.20180123.1/btool/Page_no/Page_number.h
Examining data/derivations-0.56.20180123.1/btool/Util/TeX_atom.cc
Examining data/derivations-0.56.20180123.1/btool/Util/roman_numeral.cc
Examining data/derivations-0.56.20180123.1/btool/Util/pdf_stringize.h
Examining data/derivations-0.56.20180123.1/btool/Util/TeX_atom.h
Examining data/derivations-0.56.20180123.1/btool/Util/pdf_stringize.cc
Examining data/derivations-0.56.20180123.1/btool/Util/def.h
Examining data/derivations-0.56.20180123.1/btool/Util/roman_numeral.h
Examining data/derivations-0.56.20180123.1/btool/romanize.cc
Examining data/derivations-0.56.20180123.1/btool/def.h
Examining data/derivations-0.56.20180123.1/btool/PDF/PDF_rep.h
Examining data/derivations-0.56.20180123.1/btool/PDF/updator.cc
Examining data/derivations-0.56.20180123.1/btool/PDF/update_catalog.h
Examining data/derivations-0.56.20180123.1/btool/PDF/PDF.h
Examining data/derivations-0.56.20180123.1/btool/PDF/Iref.h
Examining data/derivations-0.56.20180123.1/btool/PDF/updator.h
Examining data/derivations-0.56.20180123.1/btool/PDF/PDF.cc
Examining data/derivations-0.56.20180123.1/btool/PDF/update_catalog.cc

FINAL RESULTS:

data/derivations-0.56.20180123.1/btool/PDF/PDF.cc:90:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            offset = std::atoi(digit_stage);
data/derivations-0.56.20180123.1/btool/PDF/PDF.cc:97:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              offset += std::atoi(digit_stage);
data/derivations-0.56.20180123.1/btool/Page_no/PS_page_numbering.cc:98:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int i_page_part = atoi( i_page_part_str  );
data/derivations-0.56.20180123.1/btool/Page_no/PS_page_numbering.cc:102:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int i_page_whole = atoi( i_page_whole_str );
data/derivations-0.56.20180123.1/btool/Page_no/PS_page_numbering.cc:147:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        n_page_whole = atoi( n_page_whole_str );
data/derivations-0.56.20180123.1/btool/TOC/Table.cc:246:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      i_page1.i    = atoi( s.c_str() );
data/derivations-0.56.20180123.1/btool/complete-pdf.cc:81:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      toc_page_prefatory = atoi(arg);
data/derivations-0.56.20180123.1/btool/complete-pdf.cc:84:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      toc_page_corporeal = atoi(arg);
data/derivations-0.56.20180123.1/btool/complete-pdf.cc:87:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      bib_page           = atoi(arg);
data/derivations-0.56.20180123.1/btool/complete-pdf.cc:90:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      index_page         = atoi(arg);
data/derivations-0.56.20180123.1/btool/romanize.cc:10:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    << int_to_roman( atoi(*argv), Util::LOWER_ROMAN_CASE ) << '\n';
data/derivations-0.56.20180123.1/btool/PDF/update_catalog.cc:142:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ( (c=fgetc(q)) != EOF ) res += c;
data/derivations-0.56.20180123.1/btool/PDF/update_catalog.cc:199:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ( (c=fgetc(q)) != EOF ) res += c;
data/derivations-0.56.20180123.1/btool/PDF/update_catalog.cc:249:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ( (c=fgetc(q)) != EOF ) res += c;

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 2283 in approximately 0.18 seconds (12794 lines/second)
Physical Source Lines of Code (SLOC) = 1633
Hits@level = [0]   0 [1]   3 [2]  11 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  14 [1+]  14 [2+]  11 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 8.57318 [1+] 8.57318 [2+] 6.73607 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.