Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/esdl-1.3.1/c_src/esdl_audio.h
Examining data/esdl-1.3.1/c_src/esdl_gl.c
Examining data/esdl-1.3.1/c_src/esdl_driver.c
Examining data/esdl-1.3.1/c_src/esdl_ttf.c
Examining data/esdl-1.3.1/c_src/esdl_conv.h
Examining data/esdl-1.3.1/c_src/esdl_events.c
Examining data/esdl-1.3.1/c_src/esdl_sdl_fp.h
Examining data/esdl-1.3.1/c_src/esdl_gen.c
Examining data/esdl-1.3.1/c_src/esdl_util.c
Examining data/esdl-1.3.1/c_src/esdl.h
Examining data/esdl-1.3.1/c_src/esdl_video.h
Examining data/esdl-1.3.1/c_src/esdl_spec.c
Examining data/esdl-1.3.1/c_src/esdl_events.h
Examining data/esdl-1.3.1/c_src/esdl_audio.c
Examining data/esdl-1.3.1/c_src/esdl_wrapper.c
Examining data/esdl-1.3.1/c_src/esdl_ttf.h
Examining data/esdl-1.3.1/c_src/esdl_img.c
Examining data/esdl-1.3.1/c_src/esdl_img.h
Examining data/esdl-1.3.1/c_src/esdl_util.h
Examining data/esdl-1.3.1/c_src/esdl_video.c

FINAL RESULTS:

data/esdl-1.3.1/c_src/esdl_gl.c:70:12:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    return LoadLibrary(DLL);
data/esdl-1.3.1/c_src/esdl_audio.c:61:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	 memcpy(stream, waveptr, waveleft);
data/esdl-1.3.1/c_src/esdl_audio.c:76:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	 memcpy(stream, waveptr, len);
data/esdl-1.3.1/c_src/esdl_audio.c:239:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	 memcpy(wav_cvt.buf, mptr, osize);
data/esdl-1.3.1/c_src/esdl_conv.h:58:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      ((unsigned char *)(s))[-1] & 0xff)
data/esdl-1.3.1/c_src/esdl_conv.h:62:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      (((((unsigned char *)(s))[-1] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:63:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((unsigned char *)(s))[-2])) & 0xffff)
data/esdl-1.3.1/c_src/esdl_conv.h:67:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      ((((unsigned char *)(s))[-1] << 24) | \
data/esdl-1.3.1/c_src/esdl_conv.h:68:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       (((unsigned char *)(s))[-2] << 16) | \
data/esdl-1.3.1/c_src/esdl_conv.h:69:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       (((unsigned char *)(s))[-3] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:70:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       ((unsigned char *)(s))[-4]))
data/esdl-1.3.1/c_src/esdl_conv.h:74:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      (((((unsigned char *)(s))[-2] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:75:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((unsigned char *)(s))[-1])) & 0xffff) 
data/esdl-1.3.1/c_src/esdl_conv.h:79:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      ((((unsigned char *)(s))[-4] << 24) | \
data/esdl-1.3.1/c_src/esdl_conv.h:80:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       (((unsigned char *)(s))[-3] << 16) | \
data/esdl-1.3.1/c_src/esdl_conv.h:81:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       (((unsigned char *)(s))[-2] << 8) | \
data/esdl-1.3.1/c_src/esdl_conv.h:82:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       ((unsigned char *)(s))[-1]))
data/esdl-1.3.1/c_src/esdl_gl.c:41:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char *base[3];
data/esdl-1.3.1/c_src/esdl_gl.c:160:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char * bs[3];
data/esdl-1.3.1/c_src/esdl_gl.c:183:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(esdl_q[pos].buff, bp, len);
data/esdl-1.3.1/c_src/esdl_gl.c:237:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char * bs[3];
data/esdl-1.3.1/c_src/esdl_util.c:37:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sd->bin[0].base, bp, len);
data/esdl-1.3.1/c_src/esdl_util.c:39:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sd->bin[0].base, sd->bin[1].base, sd->bin[1].size);
data/esdl-1.3.1/c_src/esdl_util.h:22:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  do { memcpy(&dstp,srcp,sizeof(void *)); srcp += 8; } while (0)
data/esdl-1.3.1/c_src/esdl_util.h:24:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  do { memset(dstp,0,8);memcpy(dstp,&srcp,sizeof(void *)); dstp += 8; } while (0)
data/esdl-1.3.1/c_src/esdl_video.c:539:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pixels, (void *) bp, size);
data/esdl-1.3.1/c_src/esdl_video.c:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char res[1024];
data/esdl-1.3.1/c_src/esdl_audio.c:93:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sendlen = (int) strlen(bp);
data/esdl-1.3.1/c_src/esdl_gen.c:37:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   length = (int) strlen(err);
data/esdl-1.3.1/c_src/esdl_img.c:157:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(err);
data/esdl-1.3.1/c_src/esdl_ttf.c:66:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bp = file + strlen(file) + 1;
data/esdl-1.3.1/c_src/esdl_ttf.c:89:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bp = file + strlen(file) + 1;
data/esdl-1.3.1/c_src/esdl_ttf.c:256:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sendlen = strlen(familyname);
data/esdl-1.3.1/c_src/esdl_ttf.c:276:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sendlen = strlen(stylename);
data/esdl-1.3.1/c_src/esdl_ttf.c:749:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(err);
data/esdl-1.3.1/c_src/esdl_video.c:56:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sendlen = (int) strlen(bp);
data/esdl-1.3.1/c_src/esdl_video.c:708:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    icon = title + strlen(title) + 1;
data/esdl-1.3.1/c_src/esdl_video.c:1100:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	title = defdir + strlen(defdir) + 1;  /* Title of dialog */
data/esdl-1.3.1/c_src/esdl_video.c:1101:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	defname = title + strlen(title) + 1; /* Default name for file */
data/esdl-1.3.1/c_src/esdl_video.c:1102:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	filter = defname + strlen(defname) + 1; /* Filters */
data/esdl-1.3.1/c_src/esdl_video.c:1122:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    filter += strlen(filter) + 1;

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 5111 in approximately 0.19 seconds (26275 lines/second)
Physical Source Lines of Code (SLOC) = 4133
Hits@level = [0]  22 [1]  14 [2]  26 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  63 [1+]  41 [2+]  27 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 15.2432 [1+] 9.92015 [2+] 6.53278 [3+] 0.241955 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.