Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libview-0.6.6/libview/toolTip.cc
Examining data/libview-0.6.6/libview/widthHeight.cc
Examining data/libview-0.6.6/libview/ipEntry.cc
Examining data/libview-0.6.6/libview/autoDrawer.h
Examining data/libview-0.6.6/libview/viewport.cc
Examining data/libview-0.6.6/libview/autoDrawer.c
Examining data/libview-0.6.6/libview/drawer.c
Examining data/libview-0.6.6/libview/undoableTextView.cc
Examining data/libview-0.6.6/libview/fieldEntry.cc
Examining data/libview-0.6.6/libview/ovBox.h
Examining data/libview-0.6.6/libview/ovBox.c
Examining data/libview-0.6.6/libview/baseBGBox.cc
Examining data/libview-0.6.6/libview/motionTracker.cc
Examining data/libview-0.6.6/libview/uiGroup.cc
Examining data/libview-0.6.6/libview/wrapLabel.cc
Examining data/libview-0.6.6/libview/spinner.cc
Examining data/libview-0.6.6/libview/header.cc
Examining data/libview-0.6.6/libview/contentBox.cc
Examining data/libview-0.6.6/libview/defines.h
Examining data/libview-0.6.6/libview/deadEntry.cc
Examining data/libview-0.6.6/libview/spinnerAction.cc
Examining data/libview-0.6.6/libview/reparenter.cc
Examining data/libview-0.6.6/libview/drawer.h
Examining data/libview-0.6.6/libview/menuToggleAction.cc
Examining data/libview-0.6.6/libview/utils.cc
Examining data/libview-0.6.6/tests/test-content-box.cc
Examining data/libview-0.6.6/tests/test-ip-entry.cc
Examining data/libview-0.6.6/tests/test-field-entry.cc
Examining data/libview-0.6.6/tests/test-ovBox.cc
Examining data/libview-0.6.6/tests/test-header-bgbox.cc
Examining data/libview-0.6.6/tests/test-wrap-label.cc
Examining data/libview-0.6.6/tests/test-drawer.cc
Examining data/libview-0.6.6/tests/test-dead-entry.cc
Examining data/libview-0.6.6/tests/test-auto-drawer.cc
FINAL RESULTS:
data/libview-0.6.6/libview/ipEntry.cc:172:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int oct = atoi(GetFieldText(i).c_str());
data/libview-0.6.6/libview/ipEntry.cc:211:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str.c_str()) < 256;
data/libview-0.6.6/libview/ipEntry.cc:308:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream << atoi(text.c_str());
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 9751 in approximately 0.35 seconds (28107 lines/second)
Physical Source Lines of Code (SLOC) = 3511
Hits@level = [0] 3 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.70891 [1+] 0.854457 [2+] 0.854457 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.