Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cmark-0.29.0/api_test/cplusplus.cpp
Examining data/cmark-0.29.0/api_test/cplusplus.h
Examining data/cmark-0.29.0/api_test/harness.c
Examining data/cmark-0.29.0/api_test/harness.h
Examining data/cmark-0.29.0/api_test/main.c
Examining data/cmark-0.29.0/src/blocks.c
Examining data/cmark-0.29.0/src/buffer.c
Examining data/cmark-0.29.0/src/buffer.h
Examining data/cmark-0.29.0/src/chunk.h
Examining data/cmark-0.29.0/src/cmark.c
Examining data/cmark-0.29.0/src/cmark.h
Examining data/cmark-0.29.0/src/cmark_ctype.c
Examining data/cmark-0.29.0/src/cmark_ctype.h
Examining data/cmark-0.29.0/src/commonmark.c
Examining data/cmark-0.29.0/src/houdini.h
Examining data/cmark-0.29.0/src/houdini_href_e.c
Examining data/cmark-0.29.0/src/houdini_html_e.c
Examining data/cmark-0.29.0/src/houdini_html_u.c
Examining data/cmark-0.29.0/src/html.c
Examining data/cmark-0.29.0/src/inlines.c
Examining data/cmark-0.29.0/src/inlines.h
Examining data/cmark-0.29.0/src/iterator.c
Examining data/cmark-0.29.0/src/iterator.h
Examining data/cmark-0.29.0/src/latex.c
Examining data/cmark-0.29.0/src/main.c
Examining data/cmark-0.29.0/src/man.c
Examining data/cmark-0.29.0/src/node.c
Examining data/cmark-0.29.0/src/node.h
Examining data/cmark-0.29.0/src/parser.h
Examining data/cmark-0.29.0/src/references.c
Examining data/cmark-0.29.0/src/references.h
Examining data/cmark-0.29.0/src/render.c
Examining data/cmark-0.29.0/src/render.h
Examining data/cmark-0.29.0/src/scanners.c
Examining data/cmark-0.29.0/src/scanners.h
Examining data/cmark-0.29.0/src/utf8.c
Examining data/cmark-0.29.0/src/utf8.h
Examining data/cmark-0.29.0/src/xml.c
Examining data/cmark-0.29.0/test/cmark-fuzz.c

FINAL RESULTS:

data/cmark-0.29.0/api_test/harness.c:20:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, msg, ap);
data/cmark-0.29.0/api_test/main.c:753:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buf, "((((%s))))", utf8);
data/cmark-0.29.0/api_test/main.c:757:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(expected, "<p>((((%s))))</p>\n", utf8);
data/cmark-0.29.0/api_test/main.c:767:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buf, "----%s", utf8);
data/cmark-0.29.0/api_test/main.c:777:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "((((%s))))", utf8);
data/cmark-0.29.0/api_test/main.c:783:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(expected, UTF8_REPL);
data/cmark-0.29.0/api_test/main.c:752:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[20];
data/cmark-0.29.0/api_test/main.c:756:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expected[30];
data/cmark-0.29.0/api_test/main.c:766:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[20];
data/cmark-0.29.0/api_test/main.c:776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/cmark-0.29.0/api_test/main.c:780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expected[50];
data/cmark-0.29.0/api_test/main.c:781:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(expected, "<p>((((" UTF8_REPL "\x20");
data/cmark-0.29.0/api_test/main.c:785:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(expected, "))))</p>\n");
data/cmark-0.29.0/src/blocks.c:515:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[4096];
data/cmark-0.29.0/src/blocks.c:1060:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&((*container)->as.list), data, sizeof(*data));
data/cmark-0.29.0/src/blocks.c:1067:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&((*container)->as.list), data, sizeof(*data));
data/cmark-0.29.0/src/buffer.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char cmark_strbuf__initbuf[1];
data/cmark-0.29.0/src/chunk.h:70:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(str, c->data, c->len);
data/cmark-0.29.0/src/chunk.h:90:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c->data, str, c->len + 1);
data/cmark-0.29.0/src/commonmark.c:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char encoded[ENCODED_SIZE];
data/cmark-0.29.0/src/commonmark.c:179:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fencechar[2] = {'\0', '\0'};
data/cmark-0.29.0/src/commonmark.c:181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char listmarker[LISTMARKER_SIZE];
data/cmark-0.29.0/src/houdini_html_u.c:16:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      strncmp((const char *)s, (const char *)cmark_entities[i].entity, len);
data/cmark-0.29.0/src/houdini_html_u.c:16:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      strncmp((const char *)s, (const char *)cmark_entities[i].entity, len);
data/cmark-0.29.0/src/houdini_html_u.c:18:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    return (const unsigned char *)cmark_entities[i].bytes;
data/cmark-0.29.0/src/html.c:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/cmark-0.29.0/src/html.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/cmark-0.29.0/src/inlines.c:128:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c.data, src->data, len);
data/cmark-0.29.0/src/latex.c:224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char list_number_string[LIST_NUMBER_STRING_SIZE];
data/cmark-0.29.0/src/main.c:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/cmark-0.29.0/src/main.c:166:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(argv[files[i]], "rb");
data/cmark-0.29.0/src/man.c:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char list_number_s[LIST_NUMBER_SIZE];
data/cmark-0.29.0/src/xml.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/cmark-0.29.0/api_test/main.c:773:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(utf8);
data/cmark-0.29.0/api_test/main.c:788:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmark_markdown_to_html(buf, strlen(buf), CMARK_OPT_VALIDATE_UTF8);
data/cmark-0.29.0/api_test/main.c:874:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *html = cmark_markdown_to_html(markdown, strlen(markdown),
data/cmark-0.29.0/src/buffer.c:98:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   string ? strlen(string) : 0);
data/cmark-0.29.0/src/buffer.c:119:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmark_strbuf_put(buf, (const unsigned char *)string, strlen(string));
data/cmark-0.29.0/src/chunk.h:87:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c->len = (bufsize_t)strlen(str);
data/cmark-0.29.0/src/chunk.h:98:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufsize_t len = data ? (bufsize_t)strlen(data) : 0;
data/cmark-0.29.0/src/commonmark.c:63:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      renderer->column += strlen(encoded);
data/cmark-0.29.0/src/commonmark.c:74:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:95:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:244:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      marker_width = strlen(listmarker);
data/cmark-0.29.0/src/commonmark.c:286:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    info_len = strlen(info);
data/cmark-0.29.0/src/commonmark.c:289:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:372:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    code_len = strlen(code);
data/cmark-0.29.0/src/commonmark.c:445:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(title) > 0) {
data/cmark-0.29.0/src/commonmark.c:462:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(title) > 0) {
data/cmark-0.29.0/src/latex.c:170:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url_len = strlen(url);
data/cmark-0.29.0/src/latex.c:176:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  title_len = strlen(title);
data/cmark-0.29.0/src/main.c:126:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (unparsed && strlen(unparsed) > 0) {
data/cmark-0.29.0/src/render.c:23:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen(source);

ANALYSIS SUMMARY:

Hits = 53
Lines analyzed = 23191 in approximately 0.46 seconds (50029 lines/second)
Physical Source Lines of Code (SLOC) = 20992
Hits@level = [0]  48 [1]  20 [2]  27 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+] 101 [1+]  53 [2+]  33 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 4.81136 [1+] 2.52477 [2+] 1.57203 [3+] 0.285823 [4+] 0.285823 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.