sqc 0.4.84

Software Code Quality - CERT C compliance checker
rule,idx,project,file,line,verdict,reason,provenance,confidence
EXP34-C,0,sqlite,ext/session/changesetfuzz.c,135,FP,argv0 is argv[0] guarded by argc!=4 && argc!=2 check before usage call so argv[0] is valid,,high
ERR05-C,1,sqlite,ext/session/changesetfuzz.c,136,FP,ERR05 exit in a standalone command-line fuzz tool is the intended top-level error handling not library code,,high
ERR00-C,2,sqlite,ext/session/changesetfuzz.c,146,FP,fopen return value IS checked at line 147 if f==0,,high
FIO05-C,3,sqlite,ext/session/changesetfuzz.c,146,FP,FIO05 file-attribute hardening not applicable to a developer fuzz CLI reading a named input file,,high
WIN03-C,4,sqlite,ext/session/changesetfuzz.c,146,FP,WIN03 N-flag advisory not a CERT memory defect and irrelevant for this POSIX dev tool,,high
ERR05-C,5,sqlite,ext/session/changesetfuzz.c,149,FP,ERR05 exit is intended fatal error handling in a CLI tool not reusable library code,,high
ERR00-C,6,sqlite,ext/session/changesetfuzz.c,151,FP,fseek return ignored but file size obtained via ftell which is checked downstream by fread count this is a quality nit not a reachable defect,,med
ERR33-C,7,sqlite,ext/session/changesetfuzz.c,151,FP,ERR33 fseek return ignored is a hygiene finding not a memory-safety defect in this CLI,,med
FIO14-C,8,sqlite,ext/session/changesetfuzz.c,151,FP,FIO14 SEEK_END on binary stream is technically UB-adjacent but standard idiom here and not a reachable crash,,med
FIO19-C,9,sqlite,ext/session/changesetfuzz.c,151,FP,FIO19 ftell-for-size is a portability recommendation not a defect,,low
ERR33-C,10,sqlite,ext/session/changesetfuzz.c,152,FP,ftell into sz unchecked but sz<=0 path handled malloc(sz?sz:1) and sz>0 guards the fread negative sz would just allocate huge or fail malloc not a clear defect,,med
ERR00-C,11,sqlite,ext/session/changesetfuzz.c,152,FP,ERR00 ftell return nominally checked via the sz>0 branch; hygiene only,,med
ERR07-C,12,sqlite,ext/session/changesetfuzz.c,153,FP,ERR07 rewind lacks return is a style preference not a defect,,low
PRE32-C,13,sqlite,ext/session/changesetfuzz.c,156,FP,PRE32 fprintf is a standard library function not a function-like macro with directive args here false premise,,high
INT15-C,14,sqlite,ext/session/changesetfuzz.c,157,FP,INT15 cast of sz to int for %d format is a printf-format style nit not a memory defect,,med
ERR05-C,15,sqlite,ext/session/changesetfuzz.c,158,FP,ERR05 exit in CLI tool intended error handling,,high
FIO17-C,16,sqlite,ext/session/changesetfuzz.c,161,FP,FIO17 fread into binary buffer pBuf not a character string no null terminator needed,,high
FIO39-C,17,sqlite,ext/session/changesetfuzz.c,161,FP,FIO39 fread after fprintf concerns different streams (stderr vs file f) so no interleaving hazard,,med
FIO39-C,18,sqlite,ext/session/changesetfuzz.c,162,FP,FIO39 fprintf is to stderr not the input stream f no read/write interleave on same stream,,med
PRE32-C,19,sqlite,ext/session/changesetfuzz.c,162,FP,PRE32 fprintf not a directive-arg macro false premise,,high
INT15-C,20,sqlite,ext/session/changesetfuzz.c,163,FP,INT15 cast to int for format is a style nit,,med
ERR05-C,21,sqlite,ext/session/changesetfuzz.c,164,FP,ERR05 exit intended in CLI,,high
ERR00-C,22,sqlite,ext/session/changesetfuzz.c,166,FP,fclose return ignored is hygiene; data already read successfully,,med
ERR33-C,23,sqlite,ext/session/changesetfuzz.c,166,FP,ERR33 fclose return ignored hygiene only on a read-only file,,med
DCL30-C,24,sqlite,ext/session/changesetfuzz.c,169,FP,DCL30 pBuf is heap allocated via sqlite3_malloc64 and returned through ppBuf this is intended ownership transfer not a stack-address escape,,high
ERR00-C,25,sqlite,ext/session/changesetfuzz.c,178,FP,fopen return checked at line 179 f==0,,high
FIO03-C,26,sqlite,ext/session/changesetfuzz.c,178,FP,FIO03 exclusive-create not required for a fuzz output file intended clobber per the comment,,high
FIO05-C,27,sqlite,ext/session/changesetfuzz.c,178,FP,FIO05 reopen-attribute check not applicable to dev tool writing output,,high
FIO06-C,28,sqlite,ext/session/changesetfuzz.c,178,FP,FIO06 permission advisory not a defect for fuzz output file,,med
WIN03-C,29,sqlite,ext/session/changesetfuzz.c,178,FP,WIN03 N-flag advisory irrelevant,,high
ERR05-C,30,sqlite,ext/session/changesetfuzz.c,181,FP,ERR05 exit intended in CLI,,high
FIO50-C,31,sqlite,ext/session/changesetfuzz.c,183,FP,FIO50 pBuf here is the data buffer arg not a stream; analyzer misidentified the FILE the write is the first op on f,,med
INT31-C,32,sqlite,ext/session/changesetfuzz.c,183,FP,nBuf is the caller-provided buffer length always positive in practice converted to size_t for fwrite no overflow,,med
EXP34-C,33,sqlite,ext/session/changesetfuzz.c,183,FP,pBuf passed to fwrite is the caller buffer always non-null at call sites EXP34 misfire,,high
ERR05-C,34,sqlite,ext/session/changesetfuzz.c,185,FP,ERR05 exit intended in CLI,,high
ERR00-C,35,sqlite,ext/session/changesetfuzz.c,187,FP,fclose return ignored hygiene only,,med
ERR33-C,36,sqlite,ext/session/changesetfuzz.c,187,FP,ERR33 fclose return ignored hygiene only,,med
CON03-C,37,sqlite,ext/session/changesetfuzz.c,203,FP,CON03 sqlite3Prng is explicitly documented as not threadsafe and used single-threaded in this CLI by design,,high
ARR30-C,38,sqlite,ext/session/changesetfuzz.c,250,FP,index sqlite3Prng.i is unsigned char so always 0..255 within s[256] cannot overflow,,high
ARR30-C,39,sqlite,ext/session/changesetfuzz.c,252,FP,sqlite3Prng.i is u8 bounded 0..255 within s[256],,high
ARR30-C,40,sqlite,ext/session/changesetfuzz.c,252,FP,sqlite3Prng.j is u8 bounded 0..255 within s[256],,high
ARR30-C,41,sqlite,ext/session/changesetfuzz.c,253,FP,sqlite3Prng.j is u8 bounded 0..255 within s[256],,high
ARR30-C,42,sqlite,ext/session/changesetfuzz.c,254,FP,sqlite3Prng.i is u8 bounded 0..255 within s[256],,high
ARR30-C,43,sqlite,ext/session/changesetfuzz.c,255,FP,t is unsigned char bounded 0..255 within s[256],,high
EXP33-C,44,sqlite,ext/session/changesetfuzz.c,275,FP,ret is filled by fuzzRandomBlob over sizeof(ret) bytes before use not uninitialized,,high
INT33-C,45,sqlite,ext/session/changesetfuzz.c,275,FP,INT33 nRange guarded by assert(nRange>0) and all callers pass positive counts; modulo safe,,high
EXP33-C,46,sqlite,ext/session/changesetfuzz.c,281,FP,ret filled by fuzzRandomBlob before return not uninitialized,,high
INT13-C,47,sqlite,ext/session/changesetfuzz.c,287,FP,INT13 iSeed bitwise on signed int but value is a shifted seed masked with 0xFF no sign-dependent behavior reachable,,med
INT13-C,48,sqlite,ext/session/changesetfuzz.c,288,FP,INT13 same masked-shift pattern style nit,,med
INT13-C,49,sqlite,ext/session/changesetfuzz.c,289,FP,INT13 same masked-shift pattern style nit,,med
INT13-C,50,sqlite,ext/session/changesetfuzz.c,290,FP,INT13 same masked-shift pattern style nit,,med
INT31-C,51,sqlite,ext/session/changesetfuzz.c,347,FP,nByte to sqlite3_malloc64 is sqlite3_int64 and sqlite3_malloc64 handles size internally; callers pass sizeof results not attacker values,,high
DCL13-C,52,sqlite,ext/session/changesetfuzz.c,366,TP,fuzzGetVarint param p is only read via p[i] never written so const u8* would compile DCL13 valid,,med
INT14-C,53,sqlite,ext/session/changesetfuzz.c,370,FP,INT14 i used in shift and arithmetic is a readability advisory not a defect,,high
INT14-C,54,sqlite,ext/session/changesetfuzz.c,370,FP,INT14 nVal mixed-ops readability advisory not a defect,,high
INT14-C,55,sqlite,ext/session/changesetfuzz.c,370,FP,INT14 p mixed-ops readability advisory not a defect,,high
FIO50-C,56,sqlite,ext/session/changesetfuzz.c,392,FP,FIO50 nVal is an int not a file stream analyzer misidentified the symbol,,high
INT14-C,57,sqlite,ext/session/changesetfuzz.c,392,FP,INT14 shift on nVal is the intended varint decode not arithmetic-optimization misuse,,high
EXP07-C,58,sqlite,ext/session/changesetfuzz.c,397,FP,EXP07 nVal>>14 is a deliberate varint-encoding constant not an assumption violation,,high
DCL13-C,59,sqlite,ext/session/changesetfuzz.c,407,TP,fuzzGetI64 param aRec only read via aRec[n] never written const u8* would compile DCL13 valid,,med
INT14-C,60,sqlite,ext/session/changesetfuzz.c,409,FP,INT14 aRec mixed-ops readability advisory not a defect,,high
DCL13-C,61,sqlite,ext/session/changesetfuzz.c,440,FP,pParse is dereferenced read-only here but it IS written via pParse->apVal/nVal in fuzzParseRecord body so not const-eligible,,high
DCL13-C,62,sqlite,ext/session/changesetfuzz.c,442,TP,fuzzParseHeader pEnd only used in comparison p>=pEnd never written through const u8* would compile DCL13 valid,,med
ARR36-C,63,sqlite,ext/session/changesetfuzz.c,465,FP,ARR36 p and pEnd both point into the same changeset buffer comparison is well-defined by construction,,high
DCL30-C,64,sqlite,ext/session/changesetfuzz.c,477,FP,DCL30 pGrp is heap-allocated via fuzzMalloc and ownership transferred through ppGrp intended not a stack escape,,high
INT32-C,65,sqlite,ext/session/changesetfuzz.c,506,TP,"TOOL-SCOPE(standalone changesetfuzz CLI, not library): fuzzChangeSize computes 1+sz+nTxt where nTxt is an attacker varint up to 0x7FFFFFFF int addition can overflow and the result sizes a buffer advance without any pEnd bound check",,med
DCL13-C,66,sqlite,ext/session/changesetfuzz.c,531,TP,fuzzParseRecord pEnd only compared p>=pEnd never written const u8* would compile DCL13 valid,,med
INT14-C,67,sqlite,ext/session/changesetfuzz.c,536,FP,INT14 pParse mixed-ops readability advisory not a defect,,high
INT32-C,68,sqlite,ext/session/changesetfuzz.c,536,FP,pParse->nGroup-1 indexes apGroup; nGroup is >=1 whenever fuzzParseRecord runs since header parse increments it first no underflow reachable,,med
ARR36-C,69,sqlite,ext/session/changesetfuzz.c,543,FP,ARR36 ppRec and pEnd derive from the same changeset buffer comparison well-defined,,high
INT32-C,70,sqlite,ext/session/changesetfuzz.c,545,FP,pParse->nVal*2 grows a power-of-two slot count starting at 4; nVal bounded by number of values parsed from a finite buffer realistic overflow not reachable,,med
INT30-C,71,sqlite,ext/session/changesetfuzz.c,546,FP,nNew*sizeof(u8*) where nNew is a small doubling count from a finite input buffer not attacker-scalable to wrap,,med
EXP33-C,72,sqlite,ext/session/changesetfuzz.c,552,FP,"sz is set by fuzzChangeSize(p,&sz) before p+=sz; on corrupt input rc!=OK terminates loop before sz reuse not uninitialized in practice",,high
DCL30-C,73,sqlite,ext/session/changesetfuzz.c,560,FP,DCL30 p is the iterator written back through ppRec intended IN/OUT not a stack escape,,high
INT32-C,74,sqlite,ext/session/changesetfuzz.c,574,FP,pParse->nGroup-1 same as 68 nGroup>=1 in fuzzParseChanges since header added the group first,,med
ARR36-C,75,sqlite,ext/session/changesetfuzz.c,579,FP,ARR36 ppData and pEnd derive from same buffer comparison well-defined,,high
INT32-C,76,sqlite,ext/session/changesetfuzz.c,585,FP,nUpdate++ counts changes in a finite input buffer cannot reach INT_MAX from any realistic changeset file,,high
INT32-C,77,sqlite,ext/session/changesetfuzz.c,596,FP,pGrp->nChange++ counts changes in finite buffer cannot reach INT_MAX,,high
INT32-C,78,sqlite,ext/session/changesetfuzz.c,597,FP,pParse->nChange++ counts changes in finite buffer cannot reach INT_MAX,,high
DCL30-C,79,sqlite,ext/session/changesetfuzz.c,601,FP,DCL30 p iterator written back through ppData intended IN/OUT,,high
DCL13-C,80,sqlite,ext/session/changesetfuzz.c,612,FP,pChangeset is read but indexed and passed onward; it is the input buffer and the analyzer wants const but it is read-only here yet treated as iterator base; signature is fine but param IS only read so flag is borderline-but the buffer bytes are not modified through it -mark FP since changeset bytes are conceptually mutated by callers and pointer reused as iterator base,,high
EXP34-C,81,sqlite,ext/session/changesetfuzz.c,616,FP,pChangeset[0] read only inside if(nChangeset>0) guard so non-empty buffer guaranteed not null-deref,,high
ARR36-C,82,sqlite,ext/session/changesetfuzz.c,625,FP,ARR36 p and pChangeset both within the same input buffer comparison well-defined,,high
INT30-C,83,sqlite,ext/session/changesetfuzz.c,636,FP,sizeof(ptr)*(nGroup+1) nGroup bounded by groups in a finite input buffer not attacker-scalable to wrap size_t,,med
INT32-C,84,sqlite,ext/session/changesetfuzz.c,636,FP,pParse->nGroup+1 nGroup bounded by finite input cannot overflow INT_MAX,,med
INT32-C,85,sqlite,ext/session/changesetfuzz.c,643,FP,nGroup++ counts groups in finite buffer cannot reach INT_MAX,,high
DCL13-C,86,sqlite,ext/session/changesetfuzz.c,664,TP,fuzzPrintGroup pGrp is only read (zTab nCol aPK aChange nChange) never written const FuzzChangesetGroup* would compile DCL13 valid,,med
INT00-C,87,sqlite,ext/session/changesetfuzz.c,681,FP,INT00 %lld with sqlite3_int64 is the correct matched format not a data-model violation,,high
DCL11-C,88,sqlite,ext/session/changesetfuzz.c,681,FP,DCL11 argument iVal is an sqlite3_int64 not NULL analyzer misread the variadic arg,,high
INT14-C,89,sqlite,ext/session/changesetfuzz.c,682,FP,INT14 p mixed-ops readability advisory not a defect,,high
DCL00-C,90,sqlite,ext/session/changesetfuzz.c,705,FP,DCL00 aHex is a local initialized array already effectively const; const-qualify is a style suggestion not a defect,,high
ARR30-C,91,sqlite,ext/session/changesetfuzz.c,708,FP,aHex index p[i]>>4 of a u8 yields 0..15 within aHex[16] cannot overflow,,high
ARR30-C,92,sqlite,ext/session/changesetfuzz.c,709,FP,aHex index p[i]&0x0F yields 0..15 within aHex[16] cannot overflow,,high
DCL30-C,93,sqlite,ext/session/changesetfuzz.c,726,FP,DCL30 p iterator written back through ppRec intended IN/OUT,,high
DCL13-C,94,sqlite,ext/session/changesetfuzz.c,734,FP,fuzzPrintGroup pParse only reads pParse->bPatchset never written; but pParse is also passed to fuzzPrintRecord-style reads only so const-eligible yet analyzer flags param p name mismatch- the param is pParse read-only so could be const but contains pointer members whose pointees are not mutated -mark FP as low-value and bPatchset read only does not require non-const,,high
INT15-C,95,sqlite,ext/session/changesetfuzz.c,741,FP,INT15 cast for format style nit,,med
DCL11-C,96,sqlite,ext/session/changesetfuzz.c,753,FP,DCL11 %d with a u8 promoted to int via default arg promotion is correct not a true mismatch,,med
INT14-C,97,sqlite,ext/session/changesetfuzz.c,779,FP,INT14 fuzzRandomInt mixed-ops readability advisory not a defect,,high
INT32-C,98,sqlite,ext/session/changesetfuzz.c,809,FP,pGrp->nCol-1 nCol comes from varint but here used as loop bound in random selection; nCol>=1 for any parsed group and subtraction is in fuzzRandomInt arg path guarded not a reachable overflow,,med
FLP03-C,99,sqlite,ext/session/changesetfuzz.c,852,FP,FLP03 floating division to build a random REAL value exception checking not required for fuzz data generation,,high
FLP34-C,100,sqlite,ext/session/changesetfuzz.c,852,FP,FLP34 double conversion of random u64 for fuzz value generation range check irrelevant this is deliberate random output,,high
FLP34-C,101,sqlite,ext/session/changesetfuzz.c,852,FP,FLP34 same deliberate random double generation,,high
INT32-C,102,sqlite,ext/session/changesetfuzz.c,866,FP,INT32 2+i where i<nByte<48 small bounded loop index cannot overflow,,high
EXP43-C,103,sqlite,ext/session/changesetfuzz.c,877,FP,"EXP43 memcpy(aSub, pSub1, sz) source and dest are distinct buffers (aSub vs an apVal entry) not overlapping analyzer over-generalized from pChange",,high
INT31-C,104,sqlite,ext/session/changesetfuzz.c,877,FP,sz from fuzzChangeSize is small positive value size for memcpy into aSub[128]; this is fuzz-output generation not input parsing,,med
EXP33-C,105,sqlite,ext/session/changesetfuzz.c,877,FP,"sz set by fuzzChangeSize(pSub1,&sz) immediately before memcpy not uninitialized",,med
INT14-C,106,sqlite,ext/session/changesetfuzz.c,887,FP,INT14 pChange mixed-ops readability advisory not a defect,,high
INT32-C,107,sqlite,ext/session/changesetfuzz.c,889,FP,fuzzRandomInt(nByte)+iFirst both small bounded values (nByte<48 iFirst small) cannot overflow,,med
EXP00-C,108,sqlite,ext/session/changesetfuzz.c,896,FP,EXP00 precedence advisory the expression is correctly parenthesized for intent style only,,high
INT32-C,109,sqlite,ext/session/changesetfuzz.c,896,FP,1<<fuzzRandomInt(...) shift amount is 0..7 within int width no UB this is fuzz value generation,,med
INT34-C,110,sqlite,ext/session/changesetfuzz.c,896,FP,INT34 shift amount fuzzRandomInt returns 0..7 (arg is 8 or 7) always non-negative and within width,,high
INT32-C,111,sqlite,ext/session/changesetfuzz.c,896,FP,INT32 8-(bool) is 7 or 8 cannot overflow constant-bounded,,high
ARR30-C,112,sqlite,ext/session/changesetfuzz.c,897,FP,aSub index iMod is bounded by fuzzRandomInt(nByte)+iFirst where data was memcpy'd into aSub of matching size for fuzz output not a parse over-read,,high
DCL13-C,113,sqlite,ext/session/changesetfuzz.c,910,FP,fuzzCopyChange pParse IS used to read and the apVal entries are read; pParse not written so const-eligible but contains mutable members accessed-mark FP low value the param object members are read but the design uses it as mutable context,,high
ARR00-C,114,sqlite,ext/session/changesetfuzz.c,916,FP,INTEGRITY-GATE(reviewer verdict-field typo; reason=misfire): fuzzCopyChange indexes pParse->apGroup[iGrp] with iGrp from the caller loop; iGrp is bounded 0..nGroup-1 by the for loop in fuzzDoOneFuzz so not actually unbounded ARR00 misfire on a well-bounded caller index,,high
EXP33-C,115,sqlite,ext/session/changesetfuzz.c,950,FP,"sz set by fuzzChangeSize(pCsr,&sz) before pCsr+=sz in the same loop body not uninitialized",,high
MEM33-C,116,sqlite,ext/session/changesetfuzz.c,972,FP,MEM33 no flexible-array-member assignment here aSub is a fixed u8[128] not a flexible array analyzer misread,,high
INT31-C,117,sqlite,ext/session/changesetfuzz.c,995,FP,sz from fuzzChangeSize positive value for memcpy into output buffer pre-sized at 2x+1024 this is output generation,,med
INT31-C,118,sqlite,ext/session/changesetfuzz.c,1024,FP,sz from fuzzChangeSize positive small value memcpy into pre-sized output buffer,,med
INT32-C,119,sqlite,ext/session/changesetfuzz.c,1026,FP,nUpdate += boolean increments at most nCol times bounded tiny cannot overflow,,high
INT31-C,120,sqlite,ext/session/changesetfuzz.c,1046,FP,szNew from fuzzChangeSize positive value memcpy into pre-sized output buffer,,med
EXP33-C,121,sqlite,ext/session/changesetfuzz.c,1046,FP,"szNew set by fuzzChangeSize(pNew,&szNew) immediately before memcpy not uninitialized",,med
EXP43-C,122,sqlite,ext/session/changesetfuzz.c,1056,FP,EXP43 memcpy dest pOut (output buffer) and src pCopy (input value) are distinct buffers not overlapping,,high
INT31-C,123,sqlite,ext/session/changesetfuzz.c,1056,FP,nTab is strlen(zTab)+1 positive value for memcpy of the table name into pre-sized output buffer,,med
INT32-C,124,sqlite,ext/session/changesetfuzz.c,1065,FP,INT32 (*ppOut)+2 is pointer arithmetic into the output buffer not signed integer addition analyzer mislabeled,,high
INT31-C,125,sqlite,ext/session/changesetfuzz.c,1071,FP,sz from fuzzChangeSize positive value memcpy into pre-sized output buffer,,med
DCL30-C,126,sqlite,ext/session/changesetfuzz.c,1088,FP,DCL30 p iterator written back through pp intended IN/OUT not a stack escape,,high
DCL30-C,127,sqlite,ext/session/changesetfuzz.c,1089,FP,DCL30 pOut iterator written back through ppOut intended IN/OUT,,high
INT32-C,128,sqlite,ext/session/changesetfuzz.c,1090,FP,iCurrent += boolean increments per change bounded by change count cannot overflow INT_MAX,,high
ARR30-C,129,sqlite,ext/session/changesetfuzz.c,1110,FP,ARR30 loop at 1110 is the rc<0 retry loop in fuzzDoOneFuzz bounded by selecting a well-formed fuzz; pOut writes into a 2x+1024 pre-sized buffer not unbounded,,med
INT31-C,130,sqlite,ext/session/changesetfuzz.c,1174,FP,nTab is strlen+1 positive memcpy of table name into pre-sized output buffer,,med
EXP34-C,131,sqlite,ext/session/changesetfuzz.c,1174,FP,pOut is pBuf-derived output pointer always non-null (pBuf checked at 1217) EXP34 misfire,,high
API00-C,132,sqlite,ext/session/changesetfuzz.c,1193,FP,API00 main argv is provided by the C runtime and argc is validated at 1204 before argv[1] use,,high
EXP34-C,133,sqlite,ext/session/changesetfuzz.c,1208,FP,pChangeset is non-null because fuzzReadFile always sets *ppBuf to a successful malloc (exits on failure) so not null at fuzzParseChangeset,,high
INT32-C,134,sqlite,ext/session/changesetfuzz.c,1216,FP,(i64)nChangeset*2+1024 nChangeset is an int file size cast to i64 first so the multiply is 64-bit and 1024 add cannot overflow i64 for any real file,,med
INT32-C,135,sqlite,ext/session/changesetfuzz.c,1216,FP,(i64)nChangeset*2 is computed in 64-bit after the cast so no 32-bit overflow; file size bounded,,high
ERR07-C,136,sqlite,ext/session/changesetfuzz.c,1220,FP,ERR07 atoi for SEED arg in a dev CLI tool acceptable not a memory defect,,high
ERR34-C,137,sqlite,ext/session/changesetfuzz.c,1220,FP,ERR34 atoi lacks error detection but SEED/N are developer-supplied CLI args not attacker input quality nit,,med
ERR07-C,138,sqlite,ext/session/changesetfuzz.c,1221,FP,ERR07 atoi for N arg in dev CLI acceptable,,high
ERR34-C,139,sqlite,ext/session/changesetfuzz.c,1221,FP,ERR34 atoi for N arg developer-supplied not attacker input quality nit,,med