Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/oregano-0.84.41+dfsg.1/src/load-common.h
Examining data/oregano-0.84.41+dfsg.1/src/oregano.h
Examining data/oregano-0.84.41+dfsg.1/src/dialogs.c
Examining data/oregano-0.84.41+dfsg.1/src/settings.c
Examining data/oregano-0.84.41+dfsg.1/src/clipboard.h
Examining data/oregano-0.84.41+dfsg.1/src/load-schematic.c
Examining data/oregano-0.84.41+dfsg.1/src/simulation.c
Examining data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c
Examining data/oregano-0.84.41+dfsg.1/src/oregano.c
Examining data/oregano-0.84.41+dfsg.1/src/load-library.h
Examining data/oregano-0.84.41+dfsg.1/src/errors.c
Examining data/oregano-0.84.41+dfsg.1/src/save-schematic.h
Examining data/oregano-0.84.41+dfsg.1/src/file-manager.c
Examining data/oregano-0.84.41+dfsg.1/src/tools/cancel-info.c
Examining data/oregano-0.84.41+dfsg.1/src/tools/cancel-info.h
Examining data/oregano-0.84.41+dfsg.1/src/tools/thread-pipe.c
Examining data/oregano-0.84.41+dfsg.1/src/tools/thread-pipe.h
Examining data/oregano-0.84.41+dfsg.1/src/schematic-view.h
Examining data/oregano-0.84.41+dfsg.1/src/netlist-editor.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/ngspice.c
Examining data/oregano-0.84.41+dfsg.1/src/engines/engine-internal.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/gnucap.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.c
Examining data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/ngspice.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/ngspice-watcher.c
Examining data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c
Examining data/oregano-0.84.41+dfsg.1/src/engines/ngspice-watcher.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/engine.h
Examining data/oregano-0.84.41+dfsg.1/src/engines/engine.c
Examining data/oregano-0.84.41+dfsg.1/src/engines/gnucap.c
Examining data/oregano-0.84.41+dfsg.1/src/log-interface.h
Examining data/oregano-0.84.41+dfsg.1/src/sim-settings.c
Examining data/oregano-0.84.41+dfsg.1/src/xml-compat.h
Examining data/oregano-0.84.41+dfsg.1/src/settings.h
Examining data/oregano-0.84.41+dfsg.1/src/load-schematic.h
Examining data/oregano-0.84.41+dfsg.1/src/model/wire.h
Examining data/oregano-0.84.41+dfsg.1/src/model/schematic.c
Examining data/oregano-0.84.41+dfsg.1/src/model/schematic-print-context.h
Examining data/oregano-0.84.41+dfsg.1/src/model/item-data.h
Examining data/oregano-0.84.41+dfsg.1/src/model/wire.c
Examining data/oregano-0.84.41+dfsg.1/src/model/node.c
Examining data/oregano-0.84.41+dfsg.1/src/model/part.c
Examining data/oregano-0.84.41+dfsg.1/src/model/wire-private.h
Examining data/oregano-0.84.41+dfsg.1/src/model/node-store.c
Examining data/oregano-0.84.41+dfsg.1/src/model/part-property.h
Examining data/oregano-0.84.41+dfsg.1/src/model/textbox.h
Examining data/oregano-0.84.41+dfsg.1/src/model/schematic.h
Examining data/oregano-0.84.41+dfsg.1/src/model/part-private.h
Examining data/oregano-0.84.41+dfsg.1/src/model/node-store.h
Examining data/oregano-0.84.41+dfsg.1/src/model/part-label.h
Examining data/oregano-0.84.41+dfsg.1/src/model/textbox.c
Examining data/oregano-0.84.41+dfsg.1/src/model/part.h
Examining data/oregano-0.84.41+dfsg.1/src/model/node-store-private.h
Examining data/oregano-0.84.41+dfsg.1/src/model/part-property.c
Examining data/oregano-0.84.41+dfsg.1/src/model/node.h
Examining data/oregano-0.84.41+dfsg.1/src/model/item-data.c
Examining data/oregano-0.84.41+dfsg.1/src/simulation.h
Examining data/oregano-0.84.41+dfsg.1/src/options.c
Examining data/oregano-0.84.41+dfsg.1/src/splash.h
Examining data/oregano-0.84.41+dfsg.1/src/main.c
Examining data/oregano-0.84.41+dfsg.1/src/oregano-config.h
Examining data/oregano-0.84.41+dfsg.1/src/errors.h
Examining data/oregano-0.84.41+dfsg.1/src/log.c
Examining data/oregano-0.84.41+dfsg.1/src/options.h
Examining data/oregano-0.84.41+dfsg.1/src/dialogs.h
Examining data/oregano-0.84.41+dfsg.1/src/file.h
Examining data/oregano-0.84.41+dfsg.1/src/debug.h
Examining data/oregano-0.84.41+dfsg.1/src/oregano-utils.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/create-wire.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/rubberband.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/plot-add-function.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/part-item.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet-private.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/textbox-item.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet-item.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/textbox-item.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet-item-factory.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/grid.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet-item.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/node-item.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/plot-add-function.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/rubberband.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/part-item.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet-item-factory.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/sheet.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/wire-item.c
Examining data/oregano-0.84.41+dfsg.1/src/sheet/wire-item.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/grid.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/node-item.h
Examining data/oregano-0.84.41+dfsg.1/src/sheet/create-wire.h
Examining data/oregano-0.84.41+dfsg.1/src/plot.c
Examining data/oregano-0.84.41+dfsg.1/src/coords.h
Examining data/oregano-0.84.41+dfsg.1/src/stock.h
Examining data/oregano-0.84.41+dfsg.1/src/save-schematic.c
Examining data/oregano-0.84.41+dfsg.1/src/clipboard.c
Examining data/oregano-0.84.41+dfsg.1/src/coords.c
Examining data/oregano-0.84.41+dfsg.1/src/splash.c
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplotlines.h
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplotlines.c
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplotfunction.c
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplot-internal.h
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplot.h
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplot.c
Examining data/oregano-0.84.41+dfsg.1/src/gplot/gplotfunction.h
Examining data/oregano-0.84.41+dfsg.1/src/part-browser.c
Examining data/oregano-0.84.41+dfsg.1/src/log-view.c
Examining data/oregano-0.84.41+dfsg.1/src/part-browser.h
Examining data/oregano-0.84.41+dfsg.1/src/schematic-view-menu.h
Examining data/oregano-0.84.41+dfsg.1/src/oregano-utils.h
Examining data/oregano-0.84.41+dfsg.1/src/cursors.c
Examining data/oregano-0.84.41+dfsg.1/src/cursors.h
Examining data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.h
Examining data/oregano-0.84.41+dfsg.1/src/oregano-config.c
Examining data/oregano-0.84.41+dfsg.1/src/stock.c
Examining data/oregano-0.84.41+dfsg.1/src/plot.h
Examining data/oregano-0.84.41+dfsg.1/src/xml-helper.c
Examining data/oregano-0.84.41+dfsg.1/src/load-library.c
Examining data/oregano-0.84.41+dfsg.1/src/log.h
Examining data/oregano-0.84.41+dfsg.1/src/xml-helper.h
Examining data/oregano-0.84.41+dfsg.1/src/sim-settings.h
Examining data/oregano-0.84.41+dfsg.1/src/log-view.h
Examining data/oregano-0.84.41+dfsg.1/src/file-manager.h
Examining data/oregano-0.84.41+dfsg.1/src/file.c
Examining data/oregano-0.84.41+dfsg.1/src/netlist-editor.c
Examining data/oregano-0.84.41+dfsg.1/src/schematic-view.c
Examining data/oregano-0.84.41+dfsg.1/test/test_wire.c
Examining data/oregano-0.84.41+dfsg.1/test/test_engine.c
Examining data/oregano-0.84.41+dfsg.1/test/test.c
Examining data/oregano-0.84.41+dfsg.1/test/helper.c
Examining data/oregano-0.84.41+dfsg.1/test/test_nodestore.c
Examining data/oregano-0.84.41+dfsg.1/test/test_update_connection_designators.c
Examining data/oregano-0.84.41+dfsg.1/test/test_engine_ngspice.c
Examining data/oregano-0.84.41+dfsg.1/test/test_thread_pipe.c

FINAL RESULTS:

data/oregano-0.84.41+dfsg.1/src/load-library.c:514:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf (state->content->str, "(%d %d)%s", &state->object->u.text.x,
data/oregano-0.84.41+dfsg.1/src/oregano-config.c:105:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (txt, _ ("Loading %s ..."), libentry->d_name);
data/oregano-0.84.41+dfsg.1/src/sheet/wire-item.c:221:46:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ? random_color[g_random_int_range (0, random_color_count - 1)]
data/oregano-0.84.41+dfsg.1/src/sheet/wire-item.c:230:25:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ? random_color[g_random_int_range (0, random_color_count - 1)]
data/oregano-0.84.41+dfsg.1/src/sheet/wire-item.c:244:25:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  ? random_color[g_random_int_range (0, random_color_count - 1)]
data/oregano-0.84.41+dfsg.1/src/engines/gnucap.c:200:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen (filename, "w");
data/oregano-0.84.41+dfsg.1/src/engines/gnucap.c:561:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.c:471:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pins[0].node_nr = atoi (node2real[node_nr]);
data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.c:529:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pins[pin_nr].node_nr = atoi (node2real[node_nr]);
data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.c:702:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (slist->data));
data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.c:705:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%s V(%d)", text, atoi (slist->data));
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:110:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (out, tmp, sizeof(gchar *) * i);
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:194:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  index = atoi (variables[0]);
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:300:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  index = atoi (variables[0]);
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:938:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  index = atoi (variables[0]);
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:978:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *file = fopen(path_to_file, "w");
data/oregano-0.84.41+dfsg.1/src/model/part.c:495:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (priv->pins, priv->pins_orig, sizeof(Pin) * num_pins);
data/oregano-0.84.41+dfsg.1/src/model/part.c:772:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest_part->priv->pins, src_part->priv->pins, src_part->priv->num_pins * sizeof(Pin));
data/oregano-0.84.41+dfsg.1/src/model/part.c:777:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest_part->priv->pins_orig, src_part->priv->pins_orig, src_part->priv->num_pins * sizeof(Pin));
data/oregano-0.84.41+dfsg.1/src/netlist-editor.c:136:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (name, "wt");
data/oregano-0.84.41+dfsg.1/src/oregano-config.c:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[50];
data/oregano-0.84.41+dfsg.1/src/sheet/textbox-item.c:317:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p1, &priv->bbox_start, sizeof(Coords));
data/oregano-0.84.41+dfsg.1/src/sheet/textbox-item.c:318:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p2, &priv->bbox_end, sizeof(Coords));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:338:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi (tmp->data) == i - 1) {
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:355:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0)
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:356:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:360:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0) {
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:362:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%s V(%d)", text, atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:364:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:596:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp = g_strdup_printf ("V(%d)", atoi (siter->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:626:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp = g_strdup_printf ("V%d", atoi (siter->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:1031:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (slist->data && atoi (slist->data) > 0)
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:1032:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:1036:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (slist->data && atoi (slist->data) > 0) {
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:1039:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%s V(%d)", text, atoi (slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings-gui.c:1042:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:157:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((node_index - 1) == atoi (node_slist->data)) {
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:177:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0)
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:178:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret_val = g_strdup_printf ("V(%d)", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:182:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0) {
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:185:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret_val = g_strdup_printf ("%s V(%d)", ret_val, atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:188:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret_val = g_strdup_printf ("V(%d)", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:200:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_ids[i] && atoi (node_ids[i]) > 0) {
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:203:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret_val = g_strdup_printf ("%s V(%d)", ret_val, atoi (node_ids[i]));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:206:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret_val = g_strdup_printf ("V(%d)", atoi (node_ids[i]));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:307:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi (sim_settings->ac_npoints);
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:462:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0)
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:463:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%d", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:467:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0) {
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:470:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%s %d", text, atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:473:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%d", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:498:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0)
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:499:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:503:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (node_slist->data && atoi (node_slist->data) > 0) {
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:506:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("%s V(%d)", text, atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:509:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  text = g_strdup_printf ("V(%d)", atoi (node_slist->data));
data/oregano-0.84.41+dfsg.1/src/sim-settings.c:535:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi (sim_settings->noise_npoints);
data/oregano-0.84.41+dfsg.1/src/tools/thread-pipe.c:561:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pipe_data->malloc_address, data, size);
data/oregano-0.84.41+dfsg.1/src/xml-helper.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[101];
data/oregano-0.84.41+dfsg.1/src/xml-helper.c:183:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[101];
data/oregano-0.84.41+dfsg.1/src/engines/gnucap.c:222:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (so->value) > 0) {
data/oregano-0.84.41+dfsg.1/src/engines/netlist-helper.c:335:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (split[i]) > 1) {
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:51:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define IS_THIS_ITEM(str, item) (!strncmp (str, item, strlen (item)))
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:186:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (*buf) <= 2) {
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:290:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (*buf) <= 2) {
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:928:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (*buf) <= 2) {
data/oregano-0.84.41+dfsg.1/src/engines/ngspice-analysis.c:956:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (*buf) < 2)
data/oregano-0.84.41+dfsg.1/src/engines/ngspice.c:200:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (so->value) > 0) {
data/oregano-0.84.41+dfsg.1/src/file.c:70:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name[strlen (name) - 1] == '/') {
data/oregano-0.84.41+dfsg.1/src/file.c:111:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name[strlen (name) - 1] != '/') {
data/oregano-0.84.41+dfsg.1/src/file.c:157:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name[strlen (name) - 1] == '/') {
data/oregano-0.84.41+dfsg.1/src/file.c:186:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name[strlen (name) - 1] == '/') {
data/oregano-0.84.41+dfsg.1/src/log.c:73:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (previous_message != NULL && previous_message[strlen(previous_message) - 1] != '\r')
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:56:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sln = strlen (str) + 1;
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:113:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *sz = out->len + (*cls1 != NULL ? strlen(*cls1) + 2 : 0) + (*cls2 != NULL ? strlen(*cls2) + 2 : 0);
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:113:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *sz = out->len + (*cls1 != NULL ? strlen(*cls1) + 2 : 0) + (*cls2 != NULL ? strlen(*cls2) + 2 : 0);
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:271:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(prop_split[0]);
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:280:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(prop_split[0]);
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:288:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(prop_split[0]);
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:299:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(prop_split[0]);
data/oregano-0.84.41+dfsg.1/src/model/part-property.c:323:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp += strlen(prop_split[i]); data/oregano-0.84.41+dfsg.1/src/model/part-property.c:354:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp += strlen(prop_split[i]); data/oregano-0.84.41+dfsg.1/src/model/part.c:945:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen (refdes); data/oregano-0.84.41+dfsg.1/src/model/schematic.c:515:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_text_buffer_insert_at_cursor (schematic->priv->log, message, strlen (message)); data/oregano-0.84.41+dfsg.1/src/oregano-utils.c:50:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unit_length = strlen (unit); data/oregano-0.84.41+dfsg.1/src/part-browser.c:132:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). br->filter_len = strlen (s); data/oregano-0.84.41+dfsg.1/src/schematic-view.c:214:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_text_buffer_set_text (buffer, s_comments, strlen (s_comments)); data/oregano-0.84.41+dfsg.1/src/schematic-view.c:1563:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int l = strlen (files[i]); data/oregano-0.84.41+dfsg.1/src/sheet/part-item.c:402:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prop_value_length = strlen (prop_value); data/oregano-0.84.41+dfsg.1/test/test_thread_pipe.c:339:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*walker)->size = strlen(str[i]) + 1; ANALYSIS SUMMARY: Hits = 90 Lines analyzed = 34029 in approximately 0.85 seconds (40214 lines/second) Physical Source Lines of Code (SLOC) = 22476 Hits@level = [0] 18 [1] 30 [2] 55 [3] 3 [4] 2 [5] 0 Hits@level+ = [0+] 108 [1+] 90 [2+] 60 [3+] 5 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 4.80513 [1+] 4.00427 [2+] 2.66951 [3+] 0.22246 [4+] 0.0889838 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
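The atoi hits at sim-settings.c:509 and :535 above describe the CWE-190 failure mode but not the fix. The following is an added example, not oregano's code, of the checked conversion flawfinder is asking for: strtol with errno, end-pointer and range checks, applied to the flagged "V(%d)" pattern. The function names, the MAX_NODE bound and the sample inputs are assumptions made for this illustration; whether node_slist->data or noise_npoints can carry untrusted text at the real call sites is not visible in the report.

```c
/* Added example, not oregano code: a range-checked replacement for the
 * atoi() calls flagged above. The function names, the MAX_NODE bound and
 * the sample inputs are assumptions made for this illustration; the real
 * node-number and npoints limits are oregano's to decide. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NODE 100000L   /* assumed upper bound on a netlist node number */

/* Parse s as a decimal integer and require lo <= value <= hi.
 * Returns 1 and stores the value on success. Returns 0, leaving *out
 * untouched, on a NULL/empty string, missing digits, trailing text,
 * overflow of long, or a value outside [lo, hi]. atoi() signals none of
 * these: it returns 0 for "abc" and has undefined behaviour on overflow,
 * which is the CWE-190 point in the report. */
int parse_int_in_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);       /* accepts leading space and a sign */
    if (errno == ERANGE)           /* magnitude did not fit in a long */
        return 0;
    if (end == s || *end != '\0')  /* no digits at all, or "12abc" */
        return 0;
    if (v < lo || v > hi)          /* fits in a long, but not in our range */
        return 0;
    *out = v;
    return 1;
}

/* Convenience form: the parsed value, or fallback when the input is
 * rejected. */
long parse_or_default(const char *s, long lo, long hi, long fallback)
{
    long v;
    return parse_int_in_range(s, lo, hi, &v) ? v : fallback;
}

/* The flagged `g_strdup_printf ("V(%d)", atoi (...))` pattern with the
 * conversion validated first. Returns a malloc'd "V(<node>)" string that
 * the caller frees, or NULL if the node text is not a valid node number. */
char *format_node_voltage(const char *node_text)
{
    long node;
    char *text;

    if (!parse_int_in_range(node_text, 0, MAX_NODE, &node))
        return NULL;
    text = malloc(32);             /* "V(" + at most 6 digits + ")" + NUL */
    if (text == NULL)
        return NULL;
    snprintf(text, 32, "V(%ld)", node);
    return text;
}

int main(void)
{
    /* constructed sample inputs: valid, edge, and hostile */
    const char *inputs[] = { "7", "0", "100000", "100001", "-1", "12abc",
                             "", "4294967303", "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *t = format_node_voltage(inputs[i]);
        printf("%-22s -> %s\n", inputs[i], t ? t : "rejected");
        free(t);
    }
    return 0;
}
```

The range check matters even when the value fits in a long: "4294967303" converts cleanly on a 64-bit build but is not a plausible node number, and a %d format would print it truncated. Rejecting trailing text ("12abc") also catches a silently mis-parsed field that atoi would accept as 12.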
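The strlen hits at file.c:70, :111, :157 and :186 and the two `char str[101]` hits in xml-helper.c share a fix pattern that the report only hints at. The following is an added example, not oregano's code, showing a length function that never reads past a known capacity (the CWE-126 concern), a checked form of the `name[strlen (name) - 1]` idiom, and a bounded copy into a 101-byte array. One caveat flawfinder does not state: for an empty string, `strlen (name) - 1` wraps to (size_t)-1 and indexes outside the buffer; whether name can be empty at those call sites is not visible in the report, so the guard below is precautionary. All function names and the constructed inputs are assumptions for this illustration.

```c
/* Added example, not oregano code: checked forms of the strlen() and
 * fixed-array idioms flagged above. The function names are illustrative;
 * STR_CAP copies the 101-byte size of xml-helper.c's `char str[101]`. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STR_CAP 101   /* same capacity as `char str[101]` in the report */

/* Length of s without reading more than cap bytes. Returns cap when no
 * NUL is found, so an unterminated buffer is reported rather than
 * over-read. memchr stops at the first match, so it never touches bytes
 * beyond the terminator. */
size_t bounded_len(const char *s, size_t cap)
{
    const char *nul = memchr(s, '\0', cap);
    return nul ? (size_t)(nul - s) : cap;
}

/* Checked form of `name[strlen (name) - 1] == '/'`. For an empty string
 * the original computes index (size_t)-1 and reads outside the buffer;
 * here an empty or NULL name simply has no trailing slash. */
int has_trailing_slash(const char *name)
{
    size_t n;
    if (name == NULL)
        return 0;
    n = strlen(name);
    return n > 0 && name[n - 1] == '/';
}

/* Copy src into a STR_CAP-byte buffer, truncating instead of overflowing
 * and always NUL-terminating. Returns 1 if src fit entirely, 0 if it was
 * cut to STR_CAP-1 characters (or had no NUL within STR_CAP bytes). */
int copy_bounded(char dst[STR_CAP], const char *src)
{
    size_t n = bounded_len(src, STR_CAP);
    if (n >= STR_CAP) {                 /* no NUL within 101 bytes: too long */
        memcpy(dst, src, STR_CAP - 1);
        dst[STR_CAP - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);            /* n <= 100, so the NUL fits too */
    return 1;
}

/* Constructed test input: a run of n copies of c (n < 256) in a static
 * buffer, used to build over-long strings inline. */
const char *make_run(char c, size_t n)
{
    static char buf[256];
    if (n > sizeof buf - 1)
        n = sizeof buf - 1;
    memset(buf, c, n);
    buf[n] = '\0';
    return buf;
}

/* Whether src fits a STR_CAP buffer under copy_bounded. */
int fits_in_str(const char *src)
{
    char str[STR_CAP];
    return copy_bounded(str, src);
}

/* Number of characters actually stored after a bounded copy of src. */
size_t stored_len(const char *src)
{
    char str[STR_CAP];
    copy_bounded(str, src);
    return strlen(str);
}

int main(void)
{
    printf("\"\" has trailing slash: %d\n", has_trailing_slash(""));
    printf("\"/usr/share/oregano/\" has trailing slash: %d\n",
           has_trailing_slash("/usr/share/oregano/"));
    printf("150 x's fit: %d, stored %zu chars\n",
           fits_in_str(make_run('x', 150)), stored_len(make_run('x', 150)));
    printf("100 y's fit: %d, stored %zu chars\n",
           fits_in_str(make_run('y', 100)), stored_len(make_run('y', 100)));
    return 0;
}
```

bounded_len is the portable stand-in for strnlen (which is POSIX, not C99) and is what makes the `char str[101]` copies defensible: the destination size is the limit, not the source's terminator.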