stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/atk1.0-2.36.0/atk/atkaction.h
Examining data/atk1.0-2.36.0/atk/atkselection.h
Examining data/atk1.0-2.36.0/atk/atkhypertext.c
Examining data/atk1.0-2.36.0/atk/atkobjectfactory.h
Examining data/atk1.0-2.36.0/atk/atkhyperlinkimpl.c
Examining data/atk1.0-2.36.0/atk/atkdocument.h
Examining data/atk1.0-2.36.0/atk/atkselection.c
Examining data/atk1.0-2.36.0/atk/atkeditabletext.h
Examining data/atk1.0-2.36.0/atk/atknoopobject.c
Examining data/atk1.0-2.36.0/atk/atkutil.h
Examining data/atk1.0-2.36.0/atk/atktablecell.h
Examining data/atk1.0-2.36.0/atk/atkplug.c
Examining data/atk1.0-2.36.0/atk/atkregistry.h
Examining data/atk1.0-2.36.0/atk/atkstateset.h
Examining data/atk1.0-2.36.0/atk/atkhyperlinkimpl.h
Examining data/atk1.0-2.36.0/atk/atkimage.c
Examining data/atk1.0-2.36.0/atk/atkvalue.c
Examining data/atk1.0-2.36.0/atk/atkstreamablecontent.c
Examining data/atk1.0-2.36.0/atk/atkstate.c
Examining data/atk1.0-2.36.0/atk/atkaction.c
Examining data/atk1.0-2.36.0/atk/atkcomponent.c
Examining data/atk1.0-2.36.0/atk/atkstreamablecontent.h
Examining data/atk1.0-2.36.0/atk/atkcomponent.h
Examining data/atk1.0-2.36.0/atk/atksocket.h
Examining data/atk1.0-2.36.0/atk/atkrelation.h
Examining data/atk1.0-2.36.0/atk/atkrelationset.c
Examining data/atk1.0-2.36.0/atk/atkwindow.h
Examining data/atk1.0-2.36.0/atk/atktext.h
Examining data/atk1.0-2.36.0/atk/atkdocument.c
Examining data/atk1.0-2.36.0/atk/atkstate.h
Examining data/atk1.0-2.36.0/atk/atkeditabletext.c
Examining data/atk1.0-2.36.0/atk/atknoopobjectfactory.c
Examining data/atk1.0-2.36.0/atk/atkmisc.c
Examining data/atk1.0-2.36.0/atk/atkhypertext.h
Examining data/atk1.0-2.36.0/atk/atkrelationtype.h
Examining data/atk1.0-2.36.0/atk/atkplug.h
Examining data/atk1.0-2.36.0/atk/atkrelationset.h
Examining data/atk1.0-2.36.0/atk/atkprivate.c
Examining data/atk1.0-2.36.0/atk/atkobjectfactory.c
Examining data/atk1.0-2.36.0/atk/atknoopobject.h
Examining data/atk1.0-2.36.0/atk/atksocket.c
Examining data/atk1.0-2.36.0/atk/atktablecell.c
Examining data/atk1.0-2.36.0/atk/atkstateset.c
Examining data/atk1.0-2.36.0/atk/atktable.h
Examining data/atk1.0-2.36.0/atk/atkimage.h
Examining data/atk1.0-2.36.0/atk/atkrelation.c
Examining data/atk1.0-2.36.0/atk/atkgobjectaccessible.h
Examining data/atk1.0-2.36.0/atk/atknoopobjectfactory.h
Examining data/atk1.0-2.36.0/atk/atkgobjectaccessible.c
Examining data/atk1.0-2.36.0/atk/atkversion.c
Examining data/atk1.0-2.36.0/atk/atkutil.c
Examining data/atk1.0-2.36.0/atk/atktext.c
Examining data/atk1.0-2.36.0/atk/atkprivate.h
Examining data/atk1.0-2.36.0/atk/atkwindow.c
Examining data/atk1.0-2.36.0/atk/atkvalue.h
Examining data/atk1.0-2.36.0/atk/atktable.c
Examining data/atk1.0-2.36.0/atk/atkhyperlink.h
Examining data/atk1.0-2.36.0/atk/atkobject.h
Examining data/atk1.0-2.36.0/atk/atkregistry.c
Examining data/atk1.0-2.36.0/atk/atkmisc.h
Examining data/atk1.0-2.36.0/atk/atkrange.h
Examining data/atk1.0-2.36.0/atk/atk.h
Examining data/atk1.0-2.36.0/atk/atkhyperlink.c
Examining data/atk1.0-2.36.0/atk/atkobject.c
Examining data/atk1.0-2.36.0/atk/atkrange.c
Examining data/atk1.0-2.36.0/tests/testrole.c
Examining data/atk1.0-2.36.0/tests/testdocument.c
Examining data/atk1.0-2.36.0/tests/testvalue.c
Examining data/atk1.0-2.36.0/tests/testrelation.c
Examining data/atk1.0-2.36.0/tests/teststateset.c

FINAL RESULTS:

data/atk1.0-2.36.0/atk/atkprivate.c:69:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      p = ATK_LOCALEDIR + strlen (ATK_LOCALEDIR);

ANALYSIS SUMMARY:

Hits = 1
Lines analyzed = 18560 in approximately 0.48 seconds (38384 lines/second)
Physical Source Lines of Code (SLOC) = 9600
Hits@level = [0]   0 [1]   1 [2]   0 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   1 [1+]   1 [2+]   0 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.104167 [1+] 0.104167 [2+]   0 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.