Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ctpl-0.3.4+dfsg/src/ctpl-mathutils.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-parser.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-parser.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-version.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-stack.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-value.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-output-stream.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-environ.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-version.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-mathutils.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-lexer-private.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-i18n.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-token.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-eval.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-token.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-i18n.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-lexer.h
Examining data/ctpl-0.3.4+dfsg/src/test.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-stack.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-lexer.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-token-private.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-input-stream.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-lexer-expr.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-lexer-expr.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-eval.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-io.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-environ.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-input-stream.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-value.c
Examining data/ctpl-0.3.4+dfsg/src/ctpl-io.h
Examining data/ctpl-0.3.4+dfsg/src/ctpl-output-stream.c
Examining data/ctpl-0.3.4+dfsg/testsuite/parsing-tests.c
Examining data/ctpl-0.3.4+dfsg/testsuite/ctpl-test-lib.c
Examining data/ctpl-0.3.4+dfsg/testsuite/read-number-test.c
Examining data/ctpl-0.3.4+dfsg/testsuite/ctpl-test-lib.h
Examining data/ctpl-0.3.4+dfsg/testsuite/float-test.c

FINAL RESULTS:

data/ctpl-0.3.4+dfsg/src/ctpl.c:85:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stdout, fmt, ap);

data/ctpl-0.3.4+dfsg/src/ctpl.c:98:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap);

data/ctpl-0.3.4+dfsg/testsuite/float-test.c:150:21:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  if (test_float (g_random_int_range (-100000, 100000),

data/ctpl-0.3.4+dfsg/testsuite/float-test.c:151:21:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  g_random_int_range (0, 999999999))) {

data/ctpl-0.3.4+dfsg/src/ctpl-eval.c:234:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&buf[str_len * i], str, str_len);

data/ctpl-0.3.4+dfsg/src/ctpl-input-stream.c:617:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer, &stream->buffer[stream->buf_pos], (gsize)read_size);

data/ctpl-0.3.4+dfsg/testsuite/ctpl-test-lib.c:45:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (output, p, size);

data/ctpl-0.3.4+dfsg/src/ctpl-eval.c:216:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = strlen (str);

data/ctpl-0.3.4+dfsg/src/ctpl-input-stream.c:671:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  accept_length = (accept_len < 0) ? strlen (accept) : (gsize)accept_len;

data/ctpl-0.3.4+dfsg/src/ctpl-input-stream.c:782:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  accept_length = (accept_len < 0) ? strlen (accept) : (gsize)accept_len;

data/ctpl-0.3.4+dfsg/src/ctpl-input-stream.c:928:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reject_length = reject_len < 0 ? strlen (reject) : (gsize) reject_len;

data/ctpl-0.3.4+dfsg/src/ctpl-lexer-expr.c:321:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (len < 0) ? strlen (str) : (gsize)len;

data/ctpl-0.3.4+dfsg/src/ctpl-output-stream.c:138:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (length < 0) ? strlen (data) : (gsize)length;

data/ctpl-0.3.4+dfsg/src/ctpl-token.c:45:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define GET_LEN(s, max) (((max) < 0) ? strlen (s) : (gsize)max)

data/ctpl-0.3.4+dfsg/testsuite/float-test.c:52:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize s_len = strlen (s);

data/ctpl-0.3.4+dfsg/testsuite/float-test.c:53:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize sfx_len = strlen (sfx);

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 10519 in approximately 0.34 seconds (31333 lines/second)
Physical Source Lines of Code (SLOC) = 5879
Hits@level = [0]  34 [1]   9 [2]   3 [3]   2 [4]   2 [5]   0
Hits@level+ = [0+]  50 [1+]  16 [2+]   7 [3+]   4 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 8.50485 [1+] 2.72155 [2+] 1.19068 [3+] 0.680388 [4+] 0.340194 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
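Triage notes on the report above. The two level-4 hits in src/ctpl.c are the ones to look at first. Flawfinder flags the vfprintf call inside what the `fmt, ap` argument pair shows to be a va_list wrapper, but a wrapper of that shape is not itself the defect: CWE-134 arises only at a call site that passes a non-constant format, so the audit is of every caller of those two functions. The level-3 g_random_int_range hits sit in testsuite/float-test.c and feed values to test_float, not keys or nonces, so they are noise for this code base. The block below is an added example, not ctpl's code, showing the wrapper pattern with the compiler attribute that turns the call-site audit into a warning, the correct `"%s"` caller for untrusted text, and a small helper that counts conversion directives in text that is about to be used as a format. All function names are assumptions for illustration.

```c
/* Added example (not ctpl code): triaging a flawfinder CWE-134 hit on a
 * variadic formatting wrapper.  The flagged line is the vfprintf/vsnprintf
 * call; the risk lives in the CALLERS.  Any call site of the form
 * fmt_message(buf, n, user_input) lets '%' sequences in user_input drive
 * the formatter.  Keep every format a literal, pass data through "%s", and
 * let the compiler enforce it. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the wrapper a scanner flags, rendering into a buffer so the
 * result can be inspected.  The format attribute (GCC/clang) makes
 * -Wformat -Wformat-security warn on every call whose fmt is not a string
 * literal, which is exactly the call-site review a human would otherwise do. */
__attribute__((format(printf, 3, 4)))
static int fmt_message(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, out_len, fmt, ap);   /* the line flawfinder reports */
    va_end(ap);
    return n;
}

/* Correct way to emit untrusted text through the wrapper: the format is a
 * literal and the data is an argument, so any '%' in `untrusted` is copied
 * verbatim and never interpreted as a directive. */
static int render_untrusted(char *out, size_t out_len, const char *untrusted)
{
    return fmt_message(out, out_len, "%s", untrusted);
}

/* Triage helper: count conversion directives in a string.  A format the
 * programmer wrote matches its argument list; directives counted in
 * attacker-supplied text that reaches a format parameter are the red flag.
 * "%%" is a literal percent sign, not a conversion. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Returns 1 if `untrusted` survives the round trip byte-for-byte, i.e. the
 * wrapper did not treat any of its '%' sequences as directives. */
static int untrusted_is_preserved(const char *untrusted)
{
    char buf[256];
    int n = render_untrusted(buf, sizeof buf, untrusted);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, untrusted) == 0;
}

int main(void)
{
    /* Constructed input shaped like a format-string probe. */
    const char *probe = "%x %x %x %n";
    char buf[128];
    render_untrusted(buf, sizeof buf, probe);
    printf("rendered verbatim: %s\n", buf);
    printf("directives in probe: %d\n", count_conversions(probe));
    return 0;
}
```

With the attribute in place, a call such as `fmt_message(buf, sizeof buf, probe)` compiles with a -Wformat-security warning; building with -Werror=format-security makes the scanner's call-site question a hard build failure rather than a manual review item.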
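The level-2 memcpy hit at ctpl-eval.c:234 copies `str` to `&buf[str_len * i]`, the shape of a string-repeat loop, and most of the level-1 strlen hits take the GLib form `(len < 0) ? strlen (str) : (gsize)len`, where a negative length means "measure the NUL-terminated string". Neither is a finding on its own. For the memcpy, the reviewer confirms that `buf` was allocated for `str_len * n + 1` and that the multiplication could not wrap; for the strlen idiom, that every caller passing a negative length really hands over a NUL-terminated string. The block below is an added example, not ctpl's code, of the repeat operation written with those checks in the general form; the function names and the `long len` convention are assumptions for illustration.

```c
/* Added example (not ctpl code): a string-repeat loop of the form flagged
 * at ctpl-eval.c:234, memcpy(&buf[str_len * i], str, str_len), with the two
 * checks that decide whether such a memcpy hit is a real CWE-120:
 *   1. str_len * n + 1 is computed without wrapping, and
 *   2. the destination is allocated to exactly that size before the loop.
 * A negative length selects strlen(), mirroring the GLib idiom in the
 * report's strlen hits (assumed `long` here in place of gssize). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Core routine: repeat `str_len` bytes of `str` n times into a fresh
 * NUL-terminated heap buffer.  Returns NULL if the total length would not
 * fit in size_t or allocation fails.  `str` need not be NUL-terminated. */
static char *repeat_bytes(const char *str, size_t str_len, size_t n)
{
    /* Overflow guard for str_len * n + 1, checked BEFORE multiplying. */
    if (str_len != 0 && n > (SIZE_MAX - 1) / str_len)
        return NULL;
    size_t total = str_len * n;
    char *buf = malloc(total + 1);           /* destination sized for the loop below */
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        memcpy(&buf[str_len * i], str, str_len);   /* the flagged pattern, now bounded */
    buf[total] = '\0';
    return buf;
}

/* GLib-style entry point: len < 0 means "str is NUL-terminated, measure it".
 * The strlen() here is the CWE-126 class the report lists; it is only safe
 * because the contract for a negative len requires a terminated string. */
static char *repeat_string_len(const char *str, long len, size_t n)
{
    size_t str_len = (len < 0) ? strlen(str) : (size_t)len;
    return repeat_bytes(str, str_len, n);
}

/* Convenience for terminated strings. */
static char *repeat_string(const char *str, size_t n)
{
    return repeat_bytes(str, strlen(str), n);
}

/* Check helper: 1 if repeating (str, len) n times yields `expected`. */
static int repeat_equals(const char *str, long len, size_t n, const char *expected)
{
    char *out = repeat_string_len(str, len, n);
    if (out == NULL)
        return 0;
    int ok = strcmp(out, expected) == 0;
    free(out);
    return ok;
}

/* Check helper: 1 if the size computation is rejected (NULL returned). */
static int repeat_rejected(const char *str, size_t n)
{
    char *out = repeat_string(str, n);
    if (out == NULL)
        return 1;
    free(out);
    return 0;
}

int main(void)
{
    char *s = repeat_string("ab", 3);         /* constructed input */
    if (s != NULL) {
        printf("%s\n", s);
        free(s);
    }
    printf("huge request rejected: %d\n", repeat_rejected("abc", SIZE_MAX));
    return 0;
}
```

The same two questions apply to the other memcpy hits in the report: for `memcpy (buffer, &stream->buffer[stream->buf_pos], (gsize)read_size)` the reviewer checks how `read_size` is clamped against both the caller's buffer and the bytes remaining after `buf_pos`, and for the testsuite copy `memcpy (output, p, size)` how `output` was sized relative to `size`.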