Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/alsamixergui-0.9.0rc2-1/src/Fl_AM.H
Examining data/alsamixergui-0.9.0rc2-1/src/Fl_Menu_Button.cxx
Examining data/alsamixergui-0.9.0rc2-1/src/defines.H
Examining data/alsamixergui-0.9.0rc2-1/src/ncurser_to_fl.H
Examining data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx
Examining data/alsamixergui-0.9.0rc2-1/src/Fl_Pixmap_Button.H
Examining data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx
Parsing failed to find end of parameter list; semicolon terminated it in  (errorstr,
#else      
      fprintf (stderr,
#endif /* #ifdef ALSAMIXER_GUI */
	       PRGNAME ": function %s failed for %s: %s\n",
	       err_string,
	       card_id,
	       snd_strerror (xerrno)
Parsing failed to find end of parameter list; semicolon terminated it in  (errorstr,
#else      
      fprintf (stderr,
#endif /* #ifdef ALSAMIXER_GUI */
	       PRGNAME ": function %s failed: %s\n",
	       err_string,
	       snd_strerror (xerrno));
      break;
    case
Parsing failed to find end of parameter list; semicolon terminated it in  (errorstr,
#else      
      fprintf (stderr,
#endif /* #ifdef ALSAMIXER_GUI */
	       PRGNAME ": aborting due to signal `%s'\n",
	       err_string);
      break;
    case ERR_WINSIZE:
#ifdef ALSAM
Parsing failed to find end of parameter list; semicolon terminated it in  (errorstr,
#else      
      fprintf (stderr,
#endif /* #ifdef ALSAMIXER_GUI */
	       PRGNAME ": screen size too small (%dx%d)\n",
	       mixer_max_x,
	       mixer_max_y);
      break;
    defaul

FINAL RESULTS:

data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:203:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp,mixer_card_name);
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:208:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(tmp,mixer_device_name);
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:244:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(string1, "%s %d", snd_mixer_selem_id_get_name(sid), snd_mixer_selem_id_get_index(sid));
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:246:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(string1, snd_mixer_selem_id_get_name(sid));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:450:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (errorstr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:452:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stderr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:461:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (errorstr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:463:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stderr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:471:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (errorstr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:473:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stderr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:480:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (errorstr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:482:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stderr,
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:818:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(string, snd_mixer_selem_id_get_name(sid));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:841:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(string1, "%s%s %d", snd_mixer_selem_id_get_name(sid), suffix, snd_mixer_selem_id_get_index(sid));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:843:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(string1, "%s%s", snd_mixer_selem_id_get_name(sid), suffix);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:849:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (string + (8 - strlen (string1)) / 2, "%s          ", string1);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1071:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (string, "%s", mixer_card_name);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1082:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (string, "%s", mixer_device_name);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1119:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (string, "%s %s", PRGNAME_UPPER, VERSION);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1517:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(mixer_card_name, snd_ctl_card_info_get_name(hw_info));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1518:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(mixer_device_name, snd_ctl_card_info_get_mixername(hw_info));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:2107:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      opt = getopt (argc, argv, "c:D:shg");
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:80:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char mixer_card_name[128];
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char mixer_device_name[128];
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:202:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tmp,"Card: ");
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:207:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tmp,"Chip: ");
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:260:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char string[256];
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:210:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	 card_id[64] = "default";
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:212:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	 mixer_card_name[128];
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:213:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	 mixer_device_name[128];
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:443:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errorstr[256];
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:748:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[128], string1[64], *suffix;
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:820:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(string, " Capture");
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:822:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(string + strlen(string), " %i", snd_mixer_selem_id_get_index(sid));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:859:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (string, "%ld", vleft);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:865:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (string, "%ld", vright);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1060:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[128];
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1395:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vbuf->buffer + vbuf->len, text, len);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1406:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open (name, O_RDONLY);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1409:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[1025];
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:2122:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(card_id, "hw:%i", i);
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:264:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen("PCM Chorus ")) &&
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:266:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen("PCM Front ")) &&
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:268:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen("PCM Pan Playback Control ")) &&
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:269:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncmp(string,"PCM Reverb ",strlen("PCM Reverb "))
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:467:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int n=strlen(substr[i]);
data/alsamixergui-0.9.0rc2-1/src/Fl_AM.cxx:479:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(ptr,substr[i],n);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:444:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(errorstr,"");
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:822:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sprintf(string + strlen(string), " %i", snd_mixer_selem_id_get_index(sid));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:824:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(string1, string, strlen(string));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:824:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(string1, string, strlen(string));
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:849:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf (string + (8 - strlen (string1)) / 2, "%s          ", string1);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:860:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvaddstr (y, x + 3 - strlen (string), string);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1073:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (string) > max_len)
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1084:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (string) > max_len)
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1120:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max_len = strlen (string);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1292:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      l = strlen (title);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1380:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define vbuffer_append_string(vb,str)	vbuffer_append (vb, str, strlen (str))
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:1414:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  l = read (fd, buffer, 1024);
data/alsamixergui-0.9.0rc2-1/src/alsamixer.cxx:2126:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	  strncpy(card_id, optarg, sizeof(card_id));

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 3175 in approximately 0.07 seconds (44073 lines/second)
Physical Source Lines of Code (SLOC) = 2584
Hits@level = [0]   6 [1]  19 [2]  21 [3]   1 [4]  21 [5]   0
Hits@level+ = [0+]  68 [1+]  62 [2+]  43 [3+]  22 [4+]  21 [5+]   0
Hits/KSLOC@level+ = [0+] 26.3158 [1+] 23.9938 [2+] 16.6409 [3+] 8.51393 [4+] 8.12693 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.