Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/devhelp-3.38.0/devhelp/devhelp.h
Examining data/devhelp-3.38.0/devhelp/dh-application-window.c
Examining data/devhelp-3.38.0/devhelp/dh-application-window.h
Examining data/devhelp-3.38.0/devhelp/dh-assistant-view.c
Examining data/devhelp-3.38.0/devhelp/dh-assistant-view.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list-builder.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list-builder.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list-directory.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list-directory.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list-simple.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list-simple.h
Examining data/devhelp-3.38.0/devhelp/dh-book-list.c
Examining data/devhelp-3.38.0/devhelp/dh-book-list.h
Examining data/devhelp-3.38.0/devhelp/dh-book-manager.c
Examining data/devhelp-3.38.0/devhelp/dh-book-manager.h
Examining data/devhelp-3.38.0/devhelp/dh-book-tree.c
Examining data/devhelp-3.38.0/devhelp/dh-book-tree.h
Examining data/devhelp-3.38.0/devhelp/dh-book.c
Examining data/devhelp-3.38.0/devhelp/dh-book.h
Examining data/devhelp-3.38.0/devhelp/dh-completion.c
Examining data/devhelp-3.38.0/devhelp/dh-completion.h
Examining data/devhelp-3.38.0/devhelp/dh-error.c
Examining data/devhelp-3.38.0/devhelp/dh-error.h
Examining data/devhelp-3.38.0/devhelp/dh-init.c
Examining data/devhelp-3.38.0/devhelp/dh-init.h
Examining data/devhelp-3.38.0/devhelp/dh-keyword-model.c
Examining data/devhelp-3.38.0/devhelp/dh-keyword-model.h
Examining data/devhelp-3.38.0/devhelp/dh-link.c
Examining data/devhelp-3.38.0/devhelp/dh-link.h
Examining data/devhelp-3.38.0/devhelp/dh-notebook.c
Examining data/devhelp-3.38.0/devhelp/dh-notebook.h
Examining data/devhelp-3.38.0/devhelp/dh-parser.c
Examining data/devhelp-3.38.0/devhelp/dh-parser.h
Examining data/devhelp-3.38.0/devhelp/dh-profile-builder.c
Examining data/devhelp-3.38.0/devhelp/dh-profile-builder.h
Examining data/devhelp-3.38.0/devhelp/dh-profile.c
Examining data/devhelp-3.38.0/devhelp/dh-profile.h
Examining data/devhelp-3.38.0/devhelp/dh-search-bar.c
Examining data/devhelp-3.38.0/devhelp/dh-search-bar.h
Examining data/devhelp-3.38.0/devhelp/dh-search-context.c
Examining data/devhelp-3.38.0/devhelp/dh-search-context.h
Examining data/devhelp-3.38.0/devhelp/dh-settings-builder.c
Examining data/devhelp-3.38.0/devhelp/dh-settings-builder.h
Examining data/devhelp-3.38.0/devhelp/dh-settings.c
Examining data/devhelp-3.38.0/devhelp/dh-settings.h
Examining data/devhelp-3.38.0/devhelp/dh-sidebar.c
Examining data/devhelp-3.38.0/devhelp/dh-sidebar.h
Examining data/devhelp-3.38.0/devhelp/dh-tab-label.c
Examining data/devhelp-3.38.0/devhelp/dh-tab-label.h
Examining data/devhelp-3.38.0/devhelp/dh-tab.c
Examining data/devhelp-3.38.0/devhelp/dh-tab.h
Examining data/devhelp-3.38.0/devhelp/dh-util-lib.c
Examining data/devhelp-3.38.0/devhelp/dh-util-lib.h
Examining data/devhelp-3.38.0/devhelp/dh-web-view.c
Examining data/devhelp-3.38.0/devhelp/dh-web-view.h
Examining data/devhelp-3.38.0/devhelp/future/dh-dconf-migration.c
Examining data/devhelp-3.38.0/devhelp/future/dh-dconf-migration.h
Examining data/devhelp-3.38.0/src/dh-app.c
Examining data/devhelp-3.38.0/src/dh-app.h
Examining data/devhelp-3.38.0/src/dh-assistant.c
Examining data/devhelp-3.38.0/src/dh-assistant.h
Examining data/devhelp-3.38.0/src/dh-main.c
Examining data/devhelp-3.38.0/src/dh-preferences.c
Examining data/devhelp-3.38.0/src/dh-preferences.h
Examining data/devhelp-3.38.0/src/dh-settings-app.c
Examining data/devhelp-3.38.0/src/dh-settings-app.h
Examining data/devhelp-3.38.0/src/dh-util-app.c
Examining data/devhelp-3.38.0/src/dh-util-app.h
Examining data/devhelp-3.38.0/src/dh-window.c
Examining data/devhelp-3.38.0/src/dh-window.h
Examining data/devhelp-3.38.0/unit-tests/test-completion.c
Examining data/devhelp-3.38.0/unit-tests/test-link.c
Examining data/devhelp-3.38.0/unit-tests/test-search-context.c
Examining data/devhelp-3.38.0/unit-tests/test-util.c

FINAL RESULTS:

data/devhelp-3.38.0/devhelp/dh-keyword-model.c:132:23:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        priv->stamp = g_random_int_range (1, G_MAXINT32);
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:258:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        key_length = strlen (key);
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:276:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen (start_key));
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:282:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              length - strlen (start_key),
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:283:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen (end_key));
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:287:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                      length - strlen (start_key),
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:288:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                      strlen (end_key));
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:436:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen (str) < 4) {
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:483:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                else if (strlen (dh_link_get_name (prefix_link)) > strlen (name)) {
data/devhelp-3.38.0/devhelp/dh-assistant-view.c:483:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                else if (strlen (dh_link_get_name (prefix_link)) > strlen (name)) {
data/devhelp-3.38.0/devhelp/dh-completion.c:66:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        data->prefix_bytes_length = strlen (prefix);
data/devhelp-3.38.0/devhelp/dh-link.c:355:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        page_id_len = strlen (page_id);
data/devhelp-3.38.0/devhelp/dh-parser.c:379:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                name_to_free = g_strndup (name, strlen (name) - 4);
data/devhelp-3.38.0/devhelp/dh-parser.c:386:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                name_to_free = g_strndup (name, strlen (name) - 3);
data/devhelp-3.38.0/devhelp/dh-parser.c:393:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                name_to_free = g_strndup (name, strlen (name) - 2);
data/devhelp-3.38.0/devhelp/dh-search-context.c:114:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        prefix_len = strlen (prefix);
data/devhelp-3.38.0/devhelp/dh-search-context.c:140:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        prefix_len = strlen (prefix);

ANALYSIS SUMMARY:

Hits = 17
Lines analyzed = 15903 in approximately 0.43 seconds (37128 lines/second)
Physical Source Lines of Code (SLOC) = 9913
Hits@level = [0]   0 [1]  16 [2]   0 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  17 [1+]  17 [2+]   1 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.71492 [1+] 1.71492 [2+] 0.100878 [3+] 0.100878 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.