Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/x52pro-0.1.1/x52output.c
Examining data/x52pro-0.1.1/x52pro.c
Examining data/x52pro-0.1.1/x52pro.h

FINAL RESULTS:

data/x52pro-0.1.1/x52pro.c:51:35: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define x52printf if (x52->debug) fprintf
data/x52pro-0.1.1/x52output.c:29:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_settext(hdl, atoi(argv[2]), argv[3], strlen(argv[3]));
data/x52pro-0.1.1/x52output.c:35:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setbri(hdl, atoi(argv[2]), atoi(argv[3]));
data/x52pro-0.1.1/x52output.c:35:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setbri(hdl, atoi(argv[2]), atoi(argv[3]));
data/x52pro-0.1.1/x52output.c:41:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setled(hdl, atoi(argv[2]), atoi(argv[3]));
data/x52pro-0.1.1/x52output.c:41:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setled(hdl, atoi(argv[2]), atoi(argv[3]));
data/x52pro-0.1.1/x52output.c:47:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_settime(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]));
data/x52pro-0.1.1/x52output.c:47:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_settime(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]));
data/x52pro-0.1.1/x52output.c:47:50: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_settime(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]));
data/x52pro-0.1.1/x52output.c:53:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setoffs(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]),
data/x52pro-0.1.1/x52output.c:53:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setoffs(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]),
data/x52pro-0.1.1/x52output.c:53:50: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setoffs(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]),
data/x52pro-0.1.1/x52output.c:54:4: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
atoi(argv[5]));
data/x52pro-0.1.1/x52output.c:60:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setdate(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]));
data/x52pro-0.1.1/x52output.c:60:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setdate(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]));
data/x52pro-0.1.1/x52output.c:60:50: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setdate(hdl, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]));
data/x52pro-0.1.1/x52output.c:66:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
x52_setsecond(hdl, atoi(argv[2]));
data/x52pro-0.1.1/x52output.c:29:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
x52_settext(hdl, atoi(argv[2]), argv[3], strlen(argv[3]));

ANALYSIS SUMMARY:

Hits = 18
Lines analyzed = 483 in approximately 0.03 seconds (14909 lines/second)
Physical Source Lines of Code (SLOC) = 374
Hits@level = [0] 15 [1] 1 [2] 16 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 33 [1+] 18 [2+] 17 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 88.2353 [1+] 48.1283 [2+] 45.4545 [3+] 2.6738 [4+] 2.6738 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.