Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dee-1.2.7+17.10.20170616/src/dee-icu-term-filter.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-serializable-model.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-term-list.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-file-resource-manager.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-filter.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-model.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-analyzer.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-analyzer.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-sequence-model.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-term-list.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-hash-index.c
Examining data/dee-1.2.7+17.10.20170616/src/trace-log.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-filter.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-result-set.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-resource-manager.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-tree-index.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-tree-index.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-index.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-proxy-model.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-server.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-text-analyzer.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-transaction.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-filter-model.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-serializable.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-client.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-glist-result-set.h
Examining data/dee-1.2.7+17.10.20170616/src/trace-log.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-transaction.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-model.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-serializable.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-peer.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-result-set.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-shared-model.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-peer.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-client.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-proxy-model.c
Examining data/dee-1.2.7+17.10.20170616/src/dee.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-hash-index.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-model-reader.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-shared-model.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-model-reader.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-text-analyzer.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-resource-manager.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-serializable-model.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-index.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-server.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-file-resource-manager.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-filter-model.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-glist-result-set.c
Examining data/dee-1.2.7+17.10.20170616/src/dee-icu.h
Examining data/dee-1.2.7+17.10.20170616/src/dee-sequence-model.h
Examining data/dee-1.2.7+17.10.20170616/tests/server-helper-client.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-signals.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-introspect.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-readers.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-resync3rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-tags.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-append1.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-benchmark.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-filter-model.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-transaction.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-index.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-remove3rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/peer-helper-1peer.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-glist-result-set.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-client-server.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-complex-column.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-change3rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-resource-manager.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-schemaless.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-serializable.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-peer-interactions.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-clone3rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-interactions.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-term-list.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-clear3add5.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-add3rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-column.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-clear6rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-replace.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-clear3rows.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-icu.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-clone3rows-meta.c
Examining data/dee-1.2.7+17.10.20170616/tests/model-helper-insert1row.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-model-seqnums.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-dee.c
Examining data/dee-1.2.7+17.10.20170616/tests/test-analyzer.c
Examining data/dee-1.2.7+17.10.20170616/examples/slave-model.c
Examining data/dee-1.2.7+17.10.20170616/examples/synced-lists.c
Examining data/dee-1.2.7+17.10.20170616/examples/peers.c
Examining data/dee-1.2.7+17.10.20170616/examples/master-model.c
Examining data/dee-1.2.7+17.10.20170616/tools/dee-tool.c

FINAL RESULTS:

data/dee-1.2.7+17.10.20170616/src/dee-server.c:569:48:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        g_strdup_printf ("unix:path=%s/%s-%s", g_get_tmp_dir (), 
data/dee-1.2.7+17.10.20170616/src/dee-server.c:571:45:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        g_strdup_printf ("unix:path=%s/%s", g_get_tmp_dir (), name);
data/dee-1.2.7+17.10.20170616/src/dee-filter-model.c:286:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (priv->filter, g_value_get_pointer (value), sizeof (DeeFilter));
data/dee-1.2.7+17.10.20170616/src/dee-index.c:117:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (priv->reader, reader, sizeof (DeeModelReader));
data/dee-1.2.7+17.10.20170616/src/dee-term-list.c:402:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (clone_priv->terms->pdata, priv->terms->pdata,
data/dee-1.2.7+17.10.20170616/src/dee-transaction.c:266:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (copy, row_data, n_cols * sizeof (GVariant*));
data/dee-1.2.7+17.10.20170616/tests/server-helper-client.c:89:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  num_clients = i = atoi (argv[2]);
data/dee-1.2.7+17.10.20170616/src/dee-icu-term-filter.c:66:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (string) * 2;
data/dee-1.2.7+17.10.20170616/src/dee-icu-term-filter.c:226:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u_cap = strlen (text) * 4 + 1;

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 33967 in approximately 1.29 seconds (26376 lines/second)
Physical Source Lines of Code (SLOC) = 21336
Hits@level = [0]   0 [1]   2 [2]   5 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+]   9 [1+]   9 [2+]   7 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.421822 [1+] 0.421822 [2+] 0.328084 [3+] 0.0937383 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.