Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-compressor.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-compressor.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-extractor.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-extractor.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-format-filter.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-format-filter.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-gtk-chooser.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-gtk-chooser.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-gtk.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-mime-types.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-mime-types.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-misc.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-misc.h Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-private.c Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-private.h Examining data/gnome-autoar-0.2.4/gnome-autoar/gnome-autoar.h Examining data/gnome-autoar-0.2.4/tests/test-create.c Examining data/gnome-autoar-0.2.4/tests/test-extract-unit.c Examining data/gnome-autoar-0.2.4/tests/test-extract.c Examining data/gnome-autoar-0.2.4/tests/test-pref.c Examining data/gnome-autoar-0.2.4/tests/test-ui.c FINAL RESULTS: data/gnome-autoar-0.2.4/tests/test-create.c:74:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi (argv[1]), data/gnome-autoar-0.2.4/tests/test-create.c:75:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi (argv[2]), data/gnome-autoar-0.2.4/tests/test-ui.c:54:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). format = (argc >= 2) ? atoi (argv[1]) : 0; data/gnome-autoar-0.2.4/tests/test-ui.c:55:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). filter = (argc >= 3) ? atoi (argv[2]) : 0; ANALYSIS SUMMARY: Hits = 4 Lines analyzed = 7211 in approximately 1.14 seconds (6327 lines/second) Physical Source Lines of Code (SLOC) = 4619 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.865988 [1+] 0.865988 [2+] 0.865988 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.