Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/goocanvas-2.0-2.0.4/demo/demo-large-line.h
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-table.c
Examining data/goocanvas-2.0-2.0.4/demo/scalability-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-table-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-features.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-large-rect.h
Examining data/goocanvas-2.0-2.0.4/demo/demo-paths.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-table.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-scalability.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-large-items.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-focus.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-focus.c
Examining data/goocanvas-2.0-2.0.4/demo/widgets-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-clipping.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-animation.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-clipping.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-scalability-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-simple-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/demo.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-large-line.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-grabs.c
Examining data/goocanvas-2.0-2.0.4/demo/table-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-generic-position-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-fifteen.c
Examining data/goocanvas-2.0-2.0.4/demo/simple-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-animation.c
Examining data/goocanvas-2.0-2.0.4/demo/units-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-large-rect.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-item.h
Examining data/goocanvas-2.0-2.0.4/demo/demo-features.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-paths.c
Examining data/goocanvas-2.0-2.0.4/demo/generic-position-demo.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-scalability.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-events.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-grabs.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-fifteen.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c
Examining data/goocanvas-2.0-2.0.4/demo/demo-item.c
Examining data/goocanvas-2.0-2.0.4/demo/mv-demo-events.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasprivate.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvastext.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasstyle.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasmarshal.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasatk.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasimage.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvaswidget.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasitem.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasitemsimple.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvaspolyline.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasitemmodel.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvastable.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasitemsimple.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvas.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasgrid.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvas.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasenumtypes.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvastext.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvaswidget.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvaspolyline.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasrect.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasutils.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasmarshal.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasgroup.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasitemmodel.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasellipse.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasstyle.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasgrid.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasrect.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasatk.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvaspath.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasimage.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasenumtypes.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvasgroup.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasitem.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasutils.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvaspath.c
Examining data/goocanvas-2.0-2.0.4/src/goocanvastable.h
Examining data/goocanvas-2.0-2.0.4/src/goocanvasellipse.c

FINAL RESULTS:

data/goocanvas-2.0-2.0.4/demo/units-demo.c:65:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buffer, "This box is %gx%g %s", d[2], d[3], units_name);
data/goocanvas-2.0-2.0.4/demo/units-demo.c:73:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buffer, "This font is %g %s high", d[7], units_name);
data/goocanvas-2.0-2.0.4/demo/demo-fifteen.c:191:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time (NULL));
data/goocanvas-2.0-2.0.4/demo/mv-demo-fifteen.c:202:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (time (NULL));
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:34:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", dim);
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:148:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "line-width: %d", width);
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:153:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "arrow-tip-length: %d (* line-width)", shape_a);
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:158:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "arrow-length: %d (* line-width)", shape_b);
data/goocanvas-2.0-2.0.4/demo/demo-arrowhead.c:162:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "arrow-width: %d (* line-width)", shape_c);
data/goocanvas-2.0-2.0.4/demo/demo-fifteen.c:42:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[50];
data/goocanvas-2.0-2.0.4/demo/demo-fifteen.c:53:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "#%02x%02x%02x", r, g, b);
data/goocanvas-2.0-2.0.4/demo/demo-fifteen.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/goocanvas-2.0-2.0.4/demo/demo-fifteen.c:299:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", i + 1);
data/goocanvas-2.0-2.0.4/demo/demo.c:826:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  create_stipple (const char *color_name, guchar stipple_data[16])
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:21:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:33:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", dim);
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:147:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "line-width: %d", width);
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:152:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "arrow-tip-length: %d (* line-width)", shape_a);
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:157:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "arrow-length: %d (* line-width)", shape_b);
data/goocanvas-2.0-2.0.4/demo/mv-demo-arrowhead.c:161:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "arrow-width: %d (* line-width)", shape_c);
data/goocanvas-2.0-2.0.4/demo/mv-demo-fifteen.c:42:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[50];
data/goocanvas-2.0-2.0.4/demo/mv-demo-fifteen.c:53:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "#%02x%02x%02x", r, g, b);
data/goocanvas-2.0-2.0.4/demo/mv-demo-fifteen.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/goocanvas-2.0-2.0.4/demo/mv-demo-fifteen.c:308:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", i + 1);
data/goocanvas-2.0-2.0.4/demo/mv-demo.c:720:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  create_stipple (const char *color_name, guchar stipple_data[16])
data/goocanvas-2.0-2.0.4/demo/mv-scalability-demo.c:53:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ids[N_TOTAL_ID_ITEMS][MAX_ID_LEN];
data/goocanvas-2.0-2.0.4/demo/mv-scalability-demo.c:108:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ids[id_item_num++], "%.10g, %.10g",
data/goocanvas-2.0-2.0.4/demo/scalability-demo.c:53:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ids[N_TOTAL_ID_ITEMS][MAX_ID_LEN];
data/goocanvas-2.0-2.0.4/demo/scalability-demo.c:108:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ids[id_item_num++], "%.10g, %.10g",
data/goocanvas-2.0-2.0.4/demo/units-demo.c:66:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (font_desc, "Sans %gpx", d[4]);
data/goocanvas-2.0-2.0.4/demo/units-demo.c:74:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (font_desc, "Sans %gpx", d[7]);
data/goocanvas-2.0-2.0.4/src/goocanvaspolyline.c:334:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (points->coords, polyline_data->coords,
data/goocanvas-2.0-2.0.4/src/goocanvaspolyline.c:566:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (polyline_data->coords, points->coords,
data/goocanvas-2.0-2.0.4/demo/demo.c:998:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  points = goo_canvas_points_new (strlen (hilbert) + 1);
data/goocanvas-2.0-2.0.4/demo/mv-demo.c:878:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  points = goo_canvas_points_new (strlen (hilbert) + 1);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 40269 in approximately 0.97 seconds (41523 lines/second)
Physical Source Lines of Code (SLOC) = 27650
Hits@level = [0]   4 [1]   2 [2]  32 [3]   2 [4]   2 [5]   0
Hits@level+ = [0+]  42 [1+]  38 [2+]  36 [3+]   4 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 1.51899 [1+] 1.37432 [2+] 1.30199 [3+] 0.144665 [4+] 0.0723327 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
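The two level-4 hits at the top of the report are the ones that differ in kind from the rest: their format strings contain "%s", so the amount written depends on strlen(units_name), which is not visible at the call site, whereas the level-2 sprintf hits only format numbers whose width has a constant upper bound. The following is an added example, not goocanvas code, showing the replacement the report recommends (snprintf) together with the truncation check snprintf does not perform by itself, and a way to size the buffer from the format instead of guessing. LABEL_LEN, LONG_UNITS_NAME and all function names are hypothetical; the format string is the one from units-demo.c:65.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer size, standing in for the fixed buffer[] the report
 * flags in units-demo.c. */
#define LABEL_LEN 64

/* Constructed over-long units name (80 bytes) used to drive the truncation
 * scenario below; it is test input, not anything from goocanvas. */
static const char LONG_UNITS_NAME[] =
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* The flagged pattern (reproduced for contrast, never called here):
 *
 *     sprintf (buffer, "This box is %gx%g %s", d[2], d[3], units_name);
 *
 * "%g" is bounded, but "%s" writes strlen(units_name) bytes; if that can
 * exceed what buffer[] has left, sprintf writes past the array (CWE-120). */

/* Hardened replacement: snprintf never writes more than len bytes and always
 * NUL-terminates, but it does not signal truncation by itself. Its return
 * value is the length the full output *would* have had, so comparing that
 * with len is the check. Returns true when the whole label fit. */
bool format_box_label(char *dst, size_t len, double w, double h,
                      const char *units_name)
{
    if (dst == NULL || len == 0)
        return false;
    int n = snprintf(dst, len, "This box is %gx%g %s", w, h, units_name);
    if (n < 0) {            /* encoding error: leave dst safe to read */
        dst[0] = '\0';
        return false;
    }
    return (size_t)n < len; /* n == len-1 still fits; n >= len was cut */
}

/* Sizing the buffer from the format: with the default precision, "%g" of a
 * double is at most 13 characters ("-1.23457e+308"), so only the units name
 * contributes an unbounded term. */
#define G_MAX_LEN 13
#define FIXED_TEXT_LEN (sizeof("This box is x ") - 1)   /* literal chars, no NUL */

/* Smallest capacity that holds any two %g values plus a units name of at
 * most units_max bytes, including the terminating NUL. */
size_t box_label_capacity(size_t units_max)
{
    return FIXED_TEXT_LEN + 2 * G_MAX_LEN + units_max + 1;
}

/* ---- scenario helpers, so the behaviour can be asserted on, not just printed ---- */

/* Formats into a LABEL_LEN buffer (like the demo's fixed array) and reports
 * whether the label fit. */
bool label_fits_for(const char *units_name)
{
    char buf[LABEL_LEN];
    return format_box_label(buf, sizeof buf, 2.5, 4.0, units_name);
}

/* Length actually stored after formatting units_name into a poisoned
 * LABEL_LEN buffer; equals LABEL_LEN-1 on truncation, which shows the NUL
 * landed inside the array rather than past it. */
size_t label_stored_len(const char *units_name)
{
    char buf[LABEL_LEN];
    memset(buf, 'X', sizeof buf);            /* no stray NUL to hide a bug */
    (void)format_box_label(buf, sizeof buf, 2.5, 4.0, units_name);
    const char *end = memchr(buf, '\0', sizeof buf);
    return end ? (size_t)(end - buf) : sizeof buf;
}

/* Formats the longest possible label (two 13-character %g values) for
 * units_name into a heap buffer of exactly cap bytes. */
bool worst_case_fits_in(const char *units_name, size_t cap)
{
    char *buf = malloc(cap);
    if (buf == NULL)
        return false;
    bool ok = format_box_label(buf, cap, -1.23457e+308, -1.79769e+308, units_name);
    free(buf);
    return ok;
}

/* Checks the sizing formula against its own worst case. */
bool worst_case_fits(const char *units_name)
{
    return worst_case_fits_in(units_name, box_label_capacity(strlen(units_name)));
}

int main(void)
{
    char buf[LABEL_LEN];
    bool ok = format_box_label(buf, sizeof buf, 2.5, 4.0, "points");
    printf("%s (%s)\n", buf, ok ? "fit" : "truncated");
    ok = format_box_label(buf, sizeof buf, 2.5, 4.0, LONG_UNITS_NAME);
    printf("%s (%s)\n", buf, ok ? "fit" : "truncated");
    return 0;
}
```

Triage note for reading the rest of the report: the level-2 "constant maximum length" hits on "%d", "%02x" and "%g" are bounded by the type being formatted, so they are safe as long as the declared buffer is at least that bound plus the literal text plus one, which is what box_label_capacity computes for the level-4 case. The two memcpy hits in goocanvaspolyline.c need the same question asked of the destination's allocated size versus the copied length, and the srand hits matter only if the values drawn afterwards feed a key, nonce or token, which is the condition the report's own message states.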