Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libiec61883-1.2.0/src/iec61883.h
Examining data/libiec61883-1.2.0/src/cip.c
Examining data/libiec61883-1.2.0/src/amdtp.c
Examining data/libiec61883-1.2.0/src/plug.c
Examining data/libiec61883-1.2.0/src/cmp.c
Examining data/libiec61883-1.2.0/src/cooked.c
Examining data/libiec61883-1.2.0/src/cooked.h
Examining data/libiec61883-1.2.0/src/dv.c
Examining data/libiec61883-1.2.0/src/deque.c
Examining data/libiec61883-1.2.0/src/deque.h
Examining data/libiec61883-1.2.0/src/tsbuffer.c
Examining data/libiec61883-1.2.0/src/tsbuffer.h
Examining data/libiec61883-1.2.0/src/mpeg2.c
Examining data/libiec61883-1.2.0/src/iec61883-private.h
Examining data/libiec61883-1.2.0/examples/plugctl.c
Examining data/libiec61883-1.2.0/examples/plugreport.c
Examining data/libiec61883-1.2.0/examples/test-amdtp.c
Examining data/libiec61883-1.2.0/examples/test-dv.c
Examining data/libiec61883-1.2.0/examples/test-mpeg2.c
Examining data/libiec61883-1.2.0/examples/test-plugs.c

FINAL RESULTS:

data/libiec61883-1.2.0/examples/plugctl.c:216:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  port = atoi (argv[++i]);
data/libiec61883-1.2.0/examples/plugctl.c:228:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/plugctl.c:245:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  value = atoi (valuestr);
data/libiec61883-1.2.0/examples/plugctl.c:298:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int idx = atoi (plug + 5);
data/libiec61883-1.2.0/examples/plugctl.c:328:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int idx = atoi (plug + 5);
data/libiec61883-1.2.0/examples/plugctl.c:402:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int idx = atoi (plug + 5);
data/libiec61883-1.2.0/examples/plugctl.c:428:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int idx = atoi (plug + 5);
data/libiec61883-1.2.0/examples/test-amdtp.c:44:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer [nsamples * 2];
data/libiec61883-1.2.0/examples/test-amdtp.c:88:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer [nsamples * 2];
data/libiec61883-1.2.0/examples/test-amdtp.c:203:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-amdtp.c:207:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-amdtp.c:212:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (argv[i], "wb");
data/libiec61883-1.2.0/examples/test-amdtp.c:214:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (argv[i], "rb");
data/libiec61883-1.2.0/examples/test-dv.c:91:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[480];
data/libiec61883-1.2.0/examples/test-dv.c:147:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-dv.c:151:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-dv.c:156:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (argv[i], "wb");
data/libiec61883-1.2.0/examples/test-dv.c:158:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (argv[i], "rb");
data/libiec61883-1.2.0/examples/test-mpeg2.c:145:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-mpeg2.c:149:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node |= atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-mpeg2.c:153:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  pid = atoi (argv[++i]);
data/libiec61883-1.2.0/examples/test-mpeg2.c:157:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (argv[i], "wb");
data/libiec61883-1.2.0/examples/test-mpeg2.c:159:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (argv[i], "rb");
data/libiec61883-1.2.0/src/dv.c:315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( p, data, len );
data/libiec61883-1.2.0/src/dv.c:319:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( p + ( 1 + dif_block ) * 80, data, len );
data/libiec61883-1.2.0/src/dv.c:323:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( p + ( 3 + dif_block ) * 80, data, len );
data/libiec61883-1.2.0/src/dv.c:327:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( p + ( 6 + dif_block * 16 ) * 80, data, len );
data/libiec61883-1.2.0/src/dv.c:331:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( p + ( 7 + ( dif_block / 15 ) + dif_block ) * 80, data, len );
data/libiec61883-1.2.0/src/iec61883-private.h:91:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[0];
data/libiec61883-1.2.0/src/iec61883-private.h:123:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[0];
data/libiec61883-1.2.0/src/iec61883-private.h:276:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[480*300];
data/libiec61883-1.2.0/src/tsbuffer.c:103:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[ 188 ];
data/libiec61883-1.2.0/src/tsbuffer.c:413:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy ((char*) &cycle->packet[i].data[0],

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 7156 in approximately 0.23 seconds (31120 lines/second)
Physical Source Lines of Code (SLOC) = 4614
Hits@level = [0]  93 [1]   0 [2]  33 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 126 [1+]  33 [2+]  33 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 27.3082 [1+] 7.15215 [2+] 7.15215 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
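Reviewer's note on the two hit classes that dominate this report. The CWE-190 hits are all the same shape (`node |= atoi (argv[++i])`, `port = atoi (argv[++i])`, `int idx = atoi (plug + 5)`) and all sit in the programs under examples/, so the input is a local command-line argument rather than data off the bus; the CWE-120 memcpy hits in src/dv.c are in the library itself and write `len` bytes at `p + (k + dif_block) * 80` with no check visible at the call site. The following is an added example, not code from libiec61883 and not produced by Flawfinder, showing the two checks the tool's messages ask for: a strtol-based parser that enforces both a minimum and a maximum, and a copy helper that proves `offset + len` fits in the destination before calling memcpy. The function names, the 480-byte destination (borrowed from `unsigned char data[480]` in test-dv.c) and the sample inputs are assumptions made for illustration; only the 80-byte block size and the `k + dif_block` offset form come from the report.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Range-checked replacement for a bare atoi() (CWE-190).  Stores the value
 * and returns 0 on success; returns -1 on NULL/empty input, trailing junk,
 * overflow of long, or a value outside [lo, hi].  Checking the maximum as
 * well as the minimum matters even when the input has no minus sign: atoi()
 * has no way to report that "99999999999999999999" did not fit. */
int parse_long_in_range(const char *s, long lo, long hi, long *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0' || lo > hi)
        return -1;

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)           /* value did not fit in a long */
        return -1;
    if (end == s || *end != '\0')  /* no digits at all, or trailing garbage */
        return -1;
    if (v < lo || v > hi)          /* outside the caller's expected range */
        return -1;

    *out = v;
    return 0;
}

/* Bounds-checked copy (CWE-120): refuses unless offset + len fits in dst.
 * Written as two comparisons so the sum can never wrap in size_t. */
int copy_at(unsigned char *dst, size_t dst_size,
            size_t offset, const unsigned char *src, size_t len)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (offset > dst_size || len > dst_size - offset)
        return -1;
    memcpy(dst + offset, src, len);
    return 0;
}

/* The dv.c pattern with the check added: base_block is the constant the
 * report shows being added to dif_block (1, 3, 6, 7), blocks are 80 bytes.
 * The multiplication is guarded so a huge dif_block cannot wrap to a small
 * offset that would then pass the bounds check. */
int copy_dif_block(unsigned char *frame, size_t frame_size,
                   unsigned base_block, unsigned dif_block,
                   const unsigned char *data, size_t len)
{
    size_t block = (size_t)base_block + (size_t)dif_block;
    if (block > SIZE_MAX / 80)
        return -1;
    return copy_at(frame, frame_size, block * 80, data, len);
}

int main(void)
{
    /* Constructed stand-ins for argv[] values; node ids are 0..63. */
    const char *inputs[] = { "63", "-1", "64", "99999999999999999999", "12abc", "" };
    long node;
    size_t i;
    unsigned char frame[480];   /* constructed 480-byte frame, 6 blocks of 80 */
    unsigned char block[80];

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = parse_long_in_range(inputs[i], 0, 63, &node);
        printf("%-24s -> %s\n", inputs[i], rc == 0 ? "accepted" : "rejected");
    }

    memset(frame, 0, sizeof frame);
    memset(block, 0xAB, sizeof block);
    /* base 1 + dif_block 4 = block 5, bytes 400..479: fits. */
    printf("block 5: %d\n", copy_dif_block(frame, sizeof frame, 1, 4, block, sizeof block));
    /* base 1 + dif_block 5 = block 6, bytes 480..559: refused. */
    printf("block 6: %d\n", copy_dif_block(frame, sizeof frame, 1, 5, block, sizeof block));
    return 0;
}
```

In the library's real frame-assembly code the destination size is known at the call site (the report shows `data[480]` and `data[480*300]` frames), so the `frame_size` argument is the only thing these wrappers add; the point of routing every copy through one checked helper is that the `dif_block / 15` and `dif_block * 16` variants in dv.c get the same guard without each call site repeating the arithmetic.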