Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-stream-private.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink-input.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source-output.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-card.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-ui-device.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-card.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-ui-device.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-stream.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-event-role.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-channel-map-private.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-card-private.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/test-audio-device-selection.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-pulseaudio-fake.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-channel-map.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/tests-include/config.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-channel-map.c Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink-input.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control-private.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-stream.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source-output.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-event-role.h Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink.c Examining data/budgie-desktop-10.5.1+git20200824/src/config/budgie-config.c Examining data/budgie-desktop-10.5.1+git20200824/src/config/budgie-config.h Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet-info.h Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover-manager.c Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet.c Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet.h Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover-manager.h Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover.c Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/util.h Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet-info.c Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/plugin.h Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/plugin.c Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover.h Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/tray.c Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/child.c Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/child.h Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/tray.h Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme.h Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme-manager.c Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme.c Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme-manager.h FINAL RESULTS: data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/tray.c:353:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((message->string + message->length - message->remainingLength), &xevent->data,(unsigned long) length); data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control.c:1466:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char map_buff[PA_CHANNEL_MAP_SNPRINT_MAX]; data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/test-audio-device-selection.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[G_N_ELEMENTS (audio_selection_choices) + 1]; ANALYSIS SUMMARY: Hits = 3 Lines analyzed = 12405 in approximately 0.34 seconds (36118 lines/second) Physical Source Lines of Code (SLOC) = 8370 Hits@level = [0] 1 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.477897 [1+] 0.358423 [2+] 0.358423 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.