Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/devhelp-3.38.0/devhelp/devhelp.h
Examining data/devhelp-3.38.0/devhelp/dh-application-window.c
Examining data/devhelp-3.38.0/devhelp/dh-application-window.h
Examining data/devhelp-3.38.0/devhelp/dh-assistant-view.c
Examining data/devhelp-3.38.0/devhelp/dh-assistant-view.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list-builder.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list-builder.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list-directory.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list-directory.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list-simple.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list-simple.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list.h
Examining data/devhelp-3.38.0/devhelp/dh-book-manager.c
Examining data/devhelp-3.38.0/devhelp/dh-book-manager.h
Examining data/devhelp-3.38.0/devhelp/dh-book-tree.c
Examining data/devhelp-3.38.0/devhelp/dh-book-tree.h
Examining data/devhelp-3.38.0/devhelp/dh-book.c
Examining data/devhelp-3.38.0/devhelp/dh-book.h
Examining data/devhelp-3.38.0/devhelp/dh-completion.c
Examining data/devhelp-3.38.0/devhelp/dh-completion.h
Examining data/devhelp-3.38.0/devhelp/dh-error.c
Examining data/devhelp-3.38.0/devhelp/dh-error.h
Examining data/devhelp-3.38.0/devhelp/dh-init.c
Examining data/devhelp-3.38.0/devhelp/dh-init.h
Examining data/devhelp-3.38.0/devhelp/dh-keyword-model.c
Examining data/devhelp-3.38.0/devhelp/dh-keyword-model.h
Examining data/devhelp-3.38.0/devhelp/dh-link.c
Examining data/devhelp-3.38.0/devhelp/dh-link.h
Examining data/devhelp-3.38.0/devhelp/dh-notebook.c
Examining data/devhelp-3.38.0/devhelp/dh-notebook.h
Examining data/devhelp-3.38.0/devhelp/dh-parser.c
Examining data/devhelp-3.38.0/devhelp/dh-parser.h
Examining data/devhelp-3.38.0/devhelp/dh-profile-builder.c
Examining data/devhelp-3.38.0/devhelp/dh-profile-builder.h
Examining data/devhelp-3.38.0/devhelp/dh-profile.c
Examining data/devhelp-3.38.0/devhelp/dh-profile.h
Examining data/devhelp-3.38.0/devhelp/dh-search-bar.c
Examining data/devhelp-3.38.0/devhelp/dh-search-bar.h
Examining data/devhelp-3.38.0/devhelp/dh-search-context.c
Examining data/devhelp-3.38.0/devhelp/dh-search-context.h
Examining data/devhelp-3.38.0/devhelp/dh-settings-builder.c
Examining data/devhelp-3.38.0/devhelp/dh-settings-builder.h
Examining data/devhelp-3.38.0/devhelp/dh-settings.c
Examining data/devhelp-3.38.0/devhelp/dh-settings.h
Examining data/devhelp-3.38.0/devhelp/dh-sidebar.c
Examining data/devhelp-3.38.0/devhelp/dh-sidebar.h
Examining data/devhelp-3.38.0/devhelp/dh-tab-label.c
Examining data/devhelp-3.38.0/devhelp/dh-tab-label.h
Examining data/devhelp-3.38.0/devhelp/dh-tab.c
Examining data/devhelp-3.38.0/devhelp/dh-tab.h
Examining data/devhelp-3.38.0/devhelp/dh-util-lib.c
Examining data/devhelp-3.38.0/devhelp/dh-util-lib.h
Examining data/devhelp-3.38.0/devhelp/dh-web-view.c
Examining data/devhelp-3.38.0/devhelp/dh-web-view.h
Examining data/devhelp-3.38.0/devhelp/future/dh-dconf-migration.c
Examining data/devhelp-3.38.0/devhelp/future/dh-dconf-migration.h
Examining data/devhelp-3.38.0/src/dh-app.c
Examining data/devhelp-3.38.0/src/dh-app.h
Examining data/devhelp-3.38.0/src/dh-assistant.c
Examining data/devhelp-3.38.0/src/dh-assistant.h
Examining data/devhelp-3.38.0/src/dh-main.c
Examining data/devhelp-3.38.0/src/dh-preferences.c
Examining data/devhelp-3.38.0/src/dh-preferences.h
Examining data/devhelp-3.38.0/src/dh-settings-app.c
Examining data/devhelp-3.38.0/src/dh-settings-app.h
Examining data/devhelp-3.38.0/src/dh-util-app.c
Examining data/devhelp-3.38.0/src/dh-util-app.h
Examining data/devhelp-3.38.0/src/dh-window.c
Examining data/devhelp-3.38.0/src/dh-window.h
Examining data/devhelp-3.38.0/unit-tests/test-completion.c
Examining data/devhelp-3.38.0/unit-tests/test-link.c
Examining data/devhelp-3.38.0/unit-tests/test-search-context.c
Examining data/devhelp-3.38.0/unit-tests/test-util.c

FINAL RESULTS:

data/devhelp-3.38.0/devhelp/dh-keyword-model.c:132:23: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  priv->stamp = g_random_int_range (1, G_MAXINT32);
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:258:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key_length = strlen (key);
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:276:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (start_key));
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:282:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length - strlen (start_key),
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:283:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (end_key));
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:287:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length - strlen (start_key),
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:288:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (end_key));
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:436:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (str) < 4) {
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:483:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen (dh_link_get_name (prefix_link)) > strlen (name)) {
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:483:84: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen (dh_link_get_name (prefix_link)) > strlen (name)) {
data/devhelp-3.38.0/devhelp/dh-completion.c:66:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->prefix_bytes_length = strlen (prefix);
data/devhelp-3.38.0/devhelp/dh-link.c:355:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  page_id_len = strlen (page_id);
data/devhelp-3.38.0/devhelp/dh-parser.c:379:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_to_free = g_strndup (name, strlen (name) - 4);
data/devhelp-3.38.0/devhelp/dh-parser.c:386:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_to_free = g_strndup (name, strlen (name) - 3);
data/devhelp-3.38.0/devhelp/dh-parser.c:393:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_to_free = g_strndup (name, strlen (name) - 2);
data/devhelp-3.38.0/devhelp/dh-search-context.c:114:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix_len = strlen (prefix);
data/devhelp-3.38.0/devhelp/dh-search-context.c:140:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix_len = strlen (prefix);

ANALYSIS SUMMARY:

Hits = 17
Lines analyzed = 15903 in approximately 0.43 seconds (37128 lines/second)
Physical Source Lines of Code (SLOC) = 9913
Hits@level = [0] 0 [1] 16 [2] 0 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 17 [1+] 17 [2+] 1 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.71492 [1+] 1.71492 [2+] 0.100878 [3+] 0.100878 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.