Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/celluloid-0.20/src/celluloid-application.c
Examining data/celluloid-0.20/src/celluloid-application.h
Examining data/celluloid-0.20/src/celluloid-common.c
Examining data/celluloid-0.20/src/celluloid-common.h
Examining data/celluloid-0.20/src/celluloid-control-box.c
Examining data/celluloid-0.20/src/celluloid-control-box.h
Examining data/celluloid-0.20/src/celluloid-controller-actions.c
Examining data/celluloid-0.20/src/celluloid-controller-actions.h
Examining data/celluloid-0.20/src/celluloid-controller-input.c
Examining data/celluloid-0.20/src/celluloid-controller-input.h
Examining data/celluloid-0.20/src/celluloid-controller-private.h
Examining data/celluloid-0.20/src/celluloid-controller.c
Examining data/celluloid-0.20/src/celluloid-controller.h
Examining data/celluloid-0.20/src/celluloid-def.h
Examining data/celluloid-0.20/src/celluloid-file-chooser.c
Examining data/celluloid-0.20/src/celluloid-file-chooser.h
Examining data/celluloid-0.20/src/celluloid-header-bar.c
Examining data/celluloid-0.20/src/celluloid-header-bar.h
Examining data/celluloid-0.20/src/celluloid-main-window-private.h
Examining data/celluloid-0.20/src/celluloid-main-window.c
Examining data/celluloid-0.20/src/celluloid-main-window.h
Examining data/celluloid-0.20/src/celluloid-main.c
Examining data/celluloid-0.20/src/celluloid-menu.c
Examining data/celluloid-0.20/src/celluloid-menu.h
Examining data/celluloid-0.20/src/celluloid-metadata-cache.c
Examining data/celluloid-0.20/src/celluloid-metadata-cache.h
Examining data/celluloid-0.20/src/celluloid-model.c
Examining data/celluloid-0.20/src/celluloid-model.h
Examining data/celluloid-0.20/src/celluloid-mpv-private.h
Examining data/celluloid-0.20/src/celluloid-mpv-wrapper.c
Examining data/celluloid-0.20/src/celluloid-mpv-wrapper.h
Examining data/celluloid-0.20/src/celluloid-mpv.c
Examining data/celluloid-0.20/src/celluloid-mpv.h
Examining data/celluloid-0.20/src/celluloid-open-location-dialog.c
Examining data/celluloid-0.20/src/celluloid-open-location-dialog.h
Examining data/celluloid-0.20/src/celluloid-option-parser.c
Examining data/celluloid-0.20/src/celluloid-option-parser.h
Examining data/celluloid-0.20/src/celluloid-player-options.c
Examining data/celluloid-0.20/src/celluloid-player-options.h
Examining data/celluloid-0.20/src/celluloid-player-private.h
Examining data/celluloid-0.20/src/celluloid-player.c
Examining data/celluloid-0.20/src/celluloid-player.h
Examining data/celluloid-0.20/src/celluloid-playlist-widget.c
Examining data/celluloid-0.20/src/celluloid-playlist-widget.h
Examining data/celluloid-0.20/src/celluloid-plugins-manager-item.c
Examining data/celluloid-0.20/src/celluloid-plugins-manager-item.h
Examining data/celluloid-0.20/src/celluloid-plugins-manager.c
Examining data/celluloid-0.20/src/celluloid-plugins-manager.h
Examining data/celluloid-0.20/src/celluloid-preferences-dialog.c
Examining data/celluloid-0.20/src/celluloid-preferences-dialog.h
Examining data/celluloid-0.20/src/celluloid-seek-bar.c
Examining data/celluloid-0.20/src/celluloid-seek-bar.h
Examining data/celluloid-0.20/src/celluloid-shortcuts-window.c
Examining data/celluloid-0.20/src/celluloid-shortcuts-window.h
Examining data/celluloid-0.20/src/celluloid-time-label.c
Examining data/celluloid-0.20/src/celluloid-time-label.h
Examining data/celluloid-0.20/src/celluloid-video-area.c
Examining data/celluloid-0.20/src/celluloid-video-area.h
Examining data/celluloid-0.20/src/celluloid-view.c
Examining data/celluloid-0.20/src/celluloid-view.h
Examining data/celluloid-0.20/src/media-keys/celluloid-media-keys.c
Examining data/celluloid-0.20/src/media-keys/celluloid-media-keys.h
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-base.c
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-base.h
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-module.c
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-module.h
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-player.c
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-player.h
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-track-list.c
Examining data/celluloid-0.20/src/mpris/celluloid-mpris-track-list.h
Examining data/celluloid-0.20/src/mpris/celluloid-mpris.c
Examining data/celluloid-0.20/src/mpris/celluloid-mpris.h
Examining data/celluloid-0.20/test/test-option-parser.c

FINAL RESULTS:

data/celluloid-0.20/src/celluloid-common.c:233:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(args, str_array, args_size-sizeof(gchar *));
data/celluloid-0.20/src/celluloid-player-options.c:377:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(orig_dim, dim, 2*sizeof(gint64));
data/celluloid-0.20/src/celluloid-option-parser.c:97:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gssize len = (gssize)strlen(str);
data/celluloid-0.20/src/celluloid-player.c:287:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize prefix_len = strlen(prefix);
data/celluloid-0.20/src/celluloid-player.c:300:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize iter_prefix_len = strlen(iter_prefix);
data/celluloid-0.20/src/celluloid-player.c:319:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize len = strlen(buf);
data/celluloid-0.20/src/celluloid-player.c:659:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const gsize len = strlen(default_keybinds[i]);
data/celluloid-0.20/src/celluloid-player.c:675:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(input_conf && strlen(input_conf) > 0)
data/celluloid-0.20/src/celluloid-playlist-widget.c:484:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pango_layout_set_text(layout, name, (gint)strlen(name));
data/celluloid-0.20/src/celluloid-playlist-widget.c:559:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (gint)strlen(path_str) );
data/celluloid-0.20/src/celluloid-playlist-widget.c:1030:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (clipboard, uri, (gint)strlen(uri));
data/celluloid-0.20/src/mpris/celluloid-mpris-player.c:440:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const gsize prefix_len = strlen(prefix);

ANALYSIS SUMMARY:

Hits = 12
Lines analyzed = 21370 in approximately 0.41 seconds (51594 lines/second)
Physical Source Lines of Code (SLOC) = 16292
Hits@level = [0] 1 [1] 10 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 12 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.797938 [1+] 0.736558 [2+] 0.12276 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.