stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-stream-private.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink-input.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source-output.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-card.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-ui-device.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-card.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-ui-device.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-stream.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-event-role.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-channel-map-private.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-card-private.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/test-audio-device-selection.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-pulseaudio-fake.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-channel-map.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/tests-include/config.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-channel-map.c
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink-input.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control-private.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-stream.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-source-output.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-event-role.h
Examining data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-sink.c
Examining data/budgie-desktop-10.5.1+git20200824/src/config/budgie-config.c
Examining data/budgie-desktop-10.5.1+git20200824/src/config/budgie-config.h
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet-info.h
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover-manager.c
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet.c
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet.h
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover-manager.h
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover.c
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/util.h
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/applet-info.c
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/plugin.h
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/plugin.c
Examining data/budgie-desktop-10.5.1+git20200824/src/plugin/popover.h
Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/tray.c
Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/child.c
Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/child.h
Examining data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/tray.h
Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme.h
Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme-manager.c
Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme.c
Examining data/budgie-desktop-10.5.1+git20200824/src/theme/theme-manager.h

FINAL RESULTS:

data/budgie-desktop-10.5.1+git20200824/src/applets/tray/carbontray/tray.c:353:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((message->string + message->length - message->remainingLength), &xevent->data,(unsigned long) length);
data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/gvc-mixer-control.c:1466:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char            map_buff[PA_CHANNEL_MAP_SNPRINT_MAX];
data/budgie-desktop-10.5.1+git20200824/subprojects/gvc/test-audio-device-selection.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *args[G_N_ELEMENTS (audio_selection_choices) + 1];

ANALYSIS SUMMARY:

Hits = 3
Lines analyzed = 12405 in approximately 0.34 seconds (36118 lines/second)
Physical Source Lines of Code (SLOC) = 8370
Hits@level = [0]   1 [1]   0 [2]   3 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   4 [1+]   3 [2+]   3 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.477897 [1+] 0.358423 [2+] 0.358423 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.