Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-compressor.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-compressor.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-extractor.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-extractor.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-format-filter.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-format-filter.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-gtk-chooser.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-gtk-chooser.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-gtk.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-mime-types.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-mime-types.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-misc.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-misc.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-private.c
Examining data/gnome-autoar-0.2.4/gnome-autoar/autoar-private.h
Examining data/gnome-autoar-0.2.4/gnome-autoar/gnome-autoar.h
Examining data/gnome-autoar-0.2.4/tests/test-create.c
Examining data/gnome-autoar-0.2.4/tests/test-extract-unit.c
Examining data/gnome-autoar-0.2.4/tests/test-extract.c
Examining data/gnome-autoar-0.2.4/tests/test-pref.c
Examining data/gnome-autoar-0.2.4/tests/test-ui.c
FINAL RESULTS:
data/gnome-autoar-0.2.4/tests/test-create.c:74:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (argv[1]),
data/gnome-autoar-0.2.4/tests/test-create.c:75:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi (argv[2]),
data/gnome-autoar-0.2.4/tests/test-ui.c:54:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
format = (argc >= 2) ? atoi (argv[1]) : 0;
data/gnome-autoar-0.2.4/tests/test-ui.c:55:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
filter = (argc >= 3) ? atoi (argv[2]) : 0;
ANALYSIS SUMMARY:
Hits = 4
Lines analyzed = 7211 in approximately 1.14 seconds (6327 lines/second)
Physical Source Lines of Code (SLOC) = 4619
Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.865988 [1+] 0.865988 [2+] 0.865988 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.