Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libview-0.6.6/libview/toolTip.cc Examining data/libview-0.6.6/libview/widthHeight.cc Examining data/libview-0.6.6/libview/ipEntry.cc Examining data/libview-0.6.6/libview/autoDrawer.h Examining data/libview-0.6.6/libview/viewport.cc Examining data/libview-0.6.6/libview/autoDrawer.c Examining data/libview-0.6.6/libview/drawer.c Examining data/libview-0.6.6/libview/undoableTextView.cc Examining data/libview-0.6.6/libview/fieldEntry.cc Examining data/libview-0.6.6/libview/ovBox.h Examining data/libview-0.6.6/libview/ovBox.c Examining data/libview-0.6.6/libview/baseBGBox.cc Examining data/libview-0.6.6/libview/motionTracker.cc Examining data/libview-0.6.6/libview/uiGroup.cc Examining data/libview-0.6.6/libview/wrapLabel.cc Examining data/libview-0.6.6/libview/spinner.cc Examining data/libview-0.6.6/libview/header.cc Examining data/libview-0.6.6/libview/contentBox.cc Examining data/libview-0.6.6/libview/defines.h Examining data/libview-0.6.6/libview/deadEntry.cc Examining data/libview-0.6.6/libview/spinnerAction.cc Examining data/libview-0.6.6/libview/reparenter.cc Examining data/libview-0.6.6/libview/drawer.h Examining data/libview-0.6.6/libview/menuToggleAction.cc Examining data/libview-0.6.6/libview/utils.cc Examining data/libview-0.6.6/tests/test-content-box.cc Examining data/libview-0.6.6/tests/test-ip-entry.cc Examining data/libview-0.6.6/tests/test-field-entry.cc Examining data/libview-0.6.6/tests/test-ovBox.cc Examining data/libview-0.6.6/tests/test-header-bgbox.cc Examining data/libview-0.6.6/tests/test-wrap-label.cc Examining data/libview-0.6.6/tests/test-drawer.cc Examining data/libview-0.6.6/tests/test-dead-entry.cc Examining data/libview-0.6.6/tests/test-auto-drawer.cc FINAL RESULTS: data/libview-0.6.6/libview/ipEntry.cc:172:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int oct = atoi(GetFieldText(i).c_str()); data/libview-0.6.6/libview/ipEntry.cc:211:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(str.c_str()) < 256; data/libview-0.6.6/libview/ipEntry.cc:308:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). stream << atoi(text.c_str()); ANALYSIS SUMMARY: Hits = 3 Lines analyzed = 9751 in approximately 0.35 seconds (28107 lines/second) Physical Source Lines of Code (SLOC) = 3511 Hits@level = [0] 3 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 6 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.70891 [1+] 0.854457 [2+] 0.854457 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.