Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/LibraryBase.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/LibraryBase.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveCoreLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveCoreLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveI2CLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveI2CLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveRotaryEncoderLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveRotaryEncoderLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveSPILibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveSPILibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveSerialLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveSerialLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveServoLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveServoLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveShiftRegisterLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveShiftRegisterLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveUltrasonicLibrary.cpp
Examining data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveUltrasonicLibrary.h
Examining data/octave-arduino-0.6.0/inst/+arduinoioaddons/+EEPRomAddon/EEPRomAddon.h
Examining data/octave-arduino-0.6.0/inst/+arduinoioaddons/+ExampleAddon/src/Echo.h
Examining data/octave-arduino-0.6.0/inst/+arduinoioaddons/+ExampleLCD/LCDAddon.h
Examining data/octave-arduino-0.6.0/inst/+arduinoioaddons/+RTCAddon/DS1307Addon.h
Examining data/octave-arduino-0.6.0/inst/+arduinoioaddons/+adafruit/motorshieldv2.h

FINAL RESULTS:

data/octave-arduino-0.6.0/inst/+arduinoio/lib/LibraryBase.cpp:82:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[256];
data/octave-arduino-0.6.0/inst/+arduinoio/lib/LibraryBase.cpp:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[200];
data/octave-arduino-0.6.0/inst/+arduinoio/lib/LibraryBase.cpp:190:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = OCTAVE_COMMS_PORT.read();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveI2CLibrary.cpp:92:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  data[datasz] = Wire.read ();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveI2CLibrary.cpp:134:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  data[datasz] = Wire.read ();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveSerialLibrary.cpp:151:50: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  data[datasz] = serial[id]->read ();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveShiftRegisterLibrary.cpp:67:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint8_t read ();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveShiftRegisterLibrary.cpp:204:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ShiftRegister::read ()
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveShiftRegisterLibrary.cpp:428:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  data[c] = reg->read ();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveUltrasonicLibrary.cpp:41:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint32_t read ();
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveUltrasonicLibrary.cpp:73:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Ultrasonic::read ()
data/octave-arduino-0.6.0/inst/+arduinoio/lib/OctaveUltrasonicLibrary.cpp:183:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint32_t v = reg->read ();
data/octave-arduino-0.6.0/inst/+arduinoioaddons/+EEPRomAddon/EEPRomAddon.h:63:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  data[i] = EEPROM.read(addr+i);

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 3251 in approximately 0.10 seconds (33780 lines/second)
Physical Source Lines of Code (SLOC) = 2320
Hits@level = [0] 0 [1] 11 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.60345 [1+] 5.60345 [2+] 0.862069 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.