stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gulkan-0.15.1/examples/cairo.c
Examining data/gulkan-0.15.1/examples/common/common.c
Examining data/gulkan-0.15.1/examples/common/common.h
Examining data/gulkan-0.15.1/examples/common/model-renderer.c
Examining data/gulkan-0.15.1/examples/common/model-renderer.h
Examining data/gulkan-0.15.1/examples/common/plane-example.c
Examining data/gulkan-0.15.1/examples/common/plane-example.h
Examining data/gulkan-0.15.1/examples/common/plane-renderer.c
Examining data/gulkan-0.15.1/examples/common/plane-renderer.h
Examining data/gulkan-0.15.1/examples/cube.c
Examining data/gulkan-0.15.1/examples/dmabuf.c
Examining data/gulkan-0.15.1/examples/external-memory.c
Examining data/gulkan-0.15.1/examples/pixbuf-linear.c
Examining data/gulkan-0.15.1/examples/pixbuf.c
Examining data/gulkan-0.15.1/examples/threading.c
Examining data/gulkan-0.15.1/examples/toy.c
Examining data/gulkan-0.15.1/src/gulkan-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-client.c
Examining data/gulkan-0.15.1/src/gulkan-client.h
Examining data/gulkan-0.15.1/src/gulkan-cmd-buffer-private.h
Examining data/gulkan-0.15.1/src/gulkan-cmd-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-cmd-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-descriptor-pool.c
Examining data/gulkan-0.15.1/src/gulkan-descriptor-pool.h
Examining data/gulkan-0.15.1/src/gulkan-device.c
Examining data/gulkan-0.15.1/src/gulkan-device.h
Examining data/gulkan-0.15.1/src/gulkan-frame-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-frame-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-geometry.c
Examining data/gulkan-0.15.1/src/gulkan-geometry.h
Examining data/gulkan-0.15.1/src/gulkan-instance.c
Examining data/gulkan-0.15.1/src/gulkan-instance.h
Examining data/gulkan-0.15.1/src/gulkan-queue.c
Examining data/gulkan-0.15.1/src/gulkan-queue.h
Examining data/gulkan-0.15.1/src/gulkan-render-pass.c
Examining data/gulkan-0.15.1/src/gulkan-render-pass.h
Examining data/gulkan-0.15.1/src/gulkan-renderer.c
Examining data/gulkan-0.15.1/src/gulkan-renderer.h
Examining data/gulkan-0.15.1/src/gulkan-swapchain-renderer.c
Examining data/gulkan-0.15.1/src/gulkan-swapchain-renderer.h
Examining data/gulkan-0.15.1/src/gulkan-swapchain.c
Examining data/gulkan-0.15.1/src/gulkan-swapchain.h
Examining data/gulkan-0.15.1/src/gulkan-texture.c
Examining data/gulkan-0.15.1/src/gulkan-texture.h
Examining data/gulkan-0.15.1/src/gulkan-uniform-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-uniform-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-vertex-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-vertex-buffer.h
Examining data/gulkan-0.15.1/src/gulkan.h
Examining data/gulkan-0.15.1/tests/test_client.c
Examining data/gulkan-0.15.1/tests/test_device.c
Examining data/gulkan-0.15.1/tests/test_instance.c
Examining data/gulkan-0.15.1/tests/test_renderer.c
Examining data/gulkan-0.15.1/tests/test_texture.c
Examining data/gulkan-0.15.1/tests/test_texture_external.c

FINAL RESULTS:

data/gulkan-0.15.1/examples/cube.c:208:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ubo.normal_matrix, ubo.mv_matrix, sizeof ubo.normal_matrix);
data/gulkan-0.15.1/examples/dmabuf.c:34:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int dev_fd = open ("/dev/dri/renderD128", 02, 0);
data/gulkan-0.15.1/examples/toy.c:241:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (code, bytes, len);
data/gulkan-0.15.1/src/gulkan-buffer.c:176:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tmp, data, size);
data/gulkan-0.15.1/src/gulkan-texture.c:355:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&mipmap.buffer_image_copies[0], &buffer_image_copy,
data/gulkan-0.15.1/src/gulkan-texture.c:360:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (current, gdk_pixbuf_get_pixels (pixbuf), original_size);
data/gulkan-0.15.1/src/gulkan-texture.c:388:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (current,
data/gulkan-0.15.1/src/gulkan-texture.c:399:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&mipmap.buffer_image_copies[level], &buffer_image_copy,
data/gulkan-0.15.1/src/gulkan-uniform-buffer.c:91:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (self->data, s, self->size);
data/gulkan-0.15.1/src/gulkan-vertex-buffer.c:83:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (map, positions, positions_size);
data/gulkan-0.15.1/src/gulkan-vertex-buffer.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (map, colors, colors_size);
data/gulkan-0.15.1/src/gulkan-vertex-buffer.c:103:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (map, normals, normals_size);
data/gulkan-0.15.1/examples/toy.c:1167:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (id) != 6)
data/gulkan-0.15.1/examples/toy.c:1245:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_string_erase (id_string, 0, (gssize) strlen (URL_PREFIX));
data/gulkan-0.15.1/examples/toy.c:1307:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen (argv[1]) == 6)

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 10477 in approximately 2.20 seconds (4759 lines/second)
Physical Source Lines of Code (SLOC) = 8108
Hits@level = [0]   1 [1]   3 [2]  12 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  16 [1+]  15 [2+]  12 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.97336 [1+] 1.85002 [2+] 1.48002 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.