Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vspline-1.0.1/basis.h
Examining data/vspline-1.0.1/bootstrap.cc
Examining data/vspline-1.0.1/brace.h
Examining data/vspline-1.0.1/bspline.h
Examining data/vspline-1.0.1/common.h
Examining data/vspline-1.0.1/convolve.h
Examining data/vspline-1.0.1/domain.h
Examining data/vspline-1.0.1/doxy.h
Examining data/vspline-1.0.1/eval.h
Examining data/vspline-1.0.1/example/anytype.cc
Examining data/vspline-1.0.1/example/basis_sample.cc
Examining data/vspline-1.0.1/example/bls.cpp
Examining data/vspline-1.0.1/example/ca_correct.cc
Examining data/vspline-1.0.1/example/channels.cc
Examining data/vspline-1.0.1/example/complex.cc
Examining data/vspline-1.0.1/example/eval.cc
Examining data/vspline-1.0.1/example/gradient.cc
Examining data/vspline-1.0.1/example/gradient2.cc
Examining data/vspline-1.0.1/example/grind.cc
Examining data/vspline-1.0.1/example/grok.cc
Examining data/vspline-1.0.1/example/gsm.cc
Examining data/vspline-1.0.1/example/gsm2.cc
Examining data/vspline-1.0.1/example/impulse_response.cc
Examining data/vspline-1.0.1/example/int_spline.cc
Examining data/vspline-1.0.1/example/mandelbrot.cc
Examining data/vspline-1.0.1/example/metafilter.cc
Examining data/vspline-1.0.1/example/metafilter3.cc
Examining data/vspline-1.0.1/example/n_shift.cc
Examining data/vspline-1.0.1/example/polish.cc
Examining data/vspline-1.0.1/example/quickstart.cc
Examining data/vspline-1.0.1/example/restore_test.cc
Examining data/vspline-1.0.1/example/roundtrip.cc
Examining data/vspline-1.0.1/example/scope_test.cc
Examining data/vspline-1.0.1/example/self_test.cc
Examining data/vspline-1.0.1/example/slice.cc
Examining data/vspline-1.0.1/example/slice2.cc
Examining data/vspline-1.0.1/example/slice3.cc
Examining data/vspline-1.0.1/example/splinus.cc
Examining data/vspline-1.0.1/example/use_map.cc
Examining data/vspline-1.0.1/example/verify.cc
Examining data/vspline-1.0.1/extrapolate.h
Examining data/vspline-1.0.1/filter.h
Examining data/vspline-1.0.1/general_filter.h
Examining data/vspline-1.0.1/map.h
Examining data/vspline-1.0.1/multithread.h
Examining data/vspline-1.0.1/poles.h
Examining data/vspline-1.0.1/prefilter.h
Examining data/vspline-1.0.1/thread_pool.h
Examining data/vspline-1.0.1/transform.h
Examining data/vspline-1.0.1/unary_functor.h
Examining data/vspline-1.0.1/vector.h
Examining data/vspline-1.0.1/vspline.h
Examining data/vspline-1.0.1/wielding.h
FINAL RESULTS:
data/vspline-1.0.1/example/anytype.cc:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[12] ; // just for 'padding'
data/vspline-1.0.1/example/basis_sample.cc:117:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/basis_sample.cc:121:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bool normalize = std::atoi ( argv[4] ) ;
data/vspline-1.0.1/example/bls.cpp:105:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/bls.cpp:109:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iterations = std::max ( 1 , std::atoi ( argv[2] ) ) ;
data/vspline-1.0.1/example/eval.cc:88:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TIMES = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/grind.cc:218:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/impulse_response.cc:84:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/n_shift.cc:84:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/n_shift.cc:88:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iterations = 1 + std::atoi ( argv[2] ) ;
data/vspline-1.0.1/example/polish.cc:224:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/restore_test.cc:550:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_dim = std::atoi ( argv[1] ) ;
data/vspline-1.0.1/example/splinus.cc:65:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degree = std::atoi ( argv[1] ) ;
ANALYSIS SUMMARY:
Hits = 13
Lines analyzed = 26664 in approximately 0.67 seconds (39942 lines/second)
Physical Source Lines of Code (SLOC) = 12248
Hits@level = [0] 0 [1] 0 [2] 13 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 13 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.0614 [1+] 1.0614 [2+] 1.0614 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.