stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openyahtzee-1.9.3/config.h
Examining data/openyahtzee-1.9.3/src/utility.h
Examining data/openyahtzee-1.9.3/src/highscores_dialog.cpp
Examining data/openyahtzee-1.9.3/src/configuration.h
Examining data/openyahtzee-1.9.3/src/highscores_dialog.h
Examining data/openyahtzee-1.9.3/src/statistics_dialog.cpp
Examining data/openyahtzee-1.9.3/src/ScoreDice.h
Examining data/openyahtzee-1.9.3/src/ScoreDice.cpp
Examining data/openyahtzee-1.9.3/src/configuration.cpp
Examining data/openyahtzee-1.9.3/src/about.cpp
Examining data/openyahtzee-1.9.3/src/statistics.h
Examining data/openyahtzee-1.9.3/src/about.h
Examining data/openyahtzee-1.9.3/src/simple_pie_plot.h
Examining data/openyahtzee-1.9.3/src/settings_dialog.cpp
Examining data/openyahtzee-1.9.3/src/statistics_dialog.h
Examining data/openyahtzee-1.9.3/src/wxDynamicBitmap.h
Examining data/openyahtzee-1.9.3/src/settings_dialog.h
Examining data/openyahtzee-1.9.3/src/simple_pie_plot.cpp
Examining data/openyahtzee-1.9.3/src/wxDynamicBitmap.cpp
Examining data/openyahtzee-1.9.3/src/statistics.cpp
Examining data/openyahtzee-1.9.3/src/openyahtzee.cpp
Examining data/openyahtzee-1.9.3/src/MainFrame.cpp
Examining data/openyahtzee-1.9.3/src/MainFrame.h

FINAL RESULTS:

data/openyahtzee-1.9.3/src/configuration.cpp:122:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		temp_item.score = atoi((line_parts_itr++)->c_str());
data/openyahtzee-1.9.3/src/configuration.cpp:195:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	const unsigned int highscore_list_size = atoi(m_settings["highscore-list-size"].c_str());
data/openyahtzee-1.9.3/src/configuration.cpp:210:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	const unsigned int highscore_list_size = atoi(m_settings["highscore-list-size"].c_str());
data/openyahtzee-1.9.3/src/highscores_dialog.cpp:187:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int size = atoi(m_config->get("highscore-list-size").c_str());
data/openyahtzee-1.9.3/src/statistics.cpp:49:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	_games_started = atoi(tmp.c_str());
data/openyahtzee-1.9.3/src/statistics.cpp:52:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	_games_finished = atoi(tmp.c_str());
data/openyahtzee-1.9.3/src/statistics.cpp:60:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		_score_distribution.push_back(atoi(i.c_str()));

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 3789 in approximately 0.13 seconds (29529 lines/second)
Physical Source Lines of Code (SLOC) = 2254
Hits@level = [0]   0 [1]   0 [2]   7 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   7 [1+]   7 [2+]   7 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.10559 [1+] 3.10559 [2+] 3.10559 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.