Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gulkan-0.15.1/examples/cairo.c
Examining data/gulkan-0.15.1/examples/common/common.c
Examining data/gulkan-0.15.1/examples/common/common.h
Examining data/gulkan-0.15.1/examples/common/model-renderer.c
Examining data/gulkan-0.15.1/examples/common/model-renderer.h
Examining data/gulkan-0.15.1/examples/common/plane-example.c
Examining data/gulkan-0.15.1/examples/common/plane-example.h
Examining data/gulkan-0.15.1/examples/common/plane-renderer.c
Examining data/gulkan-0.15.1/examples/common/plane-renderer.h
Examining data/gulkan-0.15.1/examples/cube.c
Examining data/gulkan-0.15.1/examples/dmabuf.c
Examining data/gulkan-0.15.1/examples/external-memory.c
Examining data/gulkan-0.15.1/examples/pixbuf-linear.c
Examining data/gulkan-0.15.1/examples/pixbuf.c
Examining data/gulkan-0.15.1/examples/threading.c
Examining data/gulkan-0.15.1/examples/toy.c
Examining data/gulkan-0.15.1/src/gulkan-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-client.c
Examining data/gulkan-0.15.1/src/gulkan-client.h
Examining data/gulkan-0.15.1/src/gulkan-cmd-buffer-private.h
Examining data/gulkan-0.15.1/src/gulkan-cmd-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-cmd-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-descriptor-pool.c
Examining data/gulkan-0.15.1/src/gulkan-descriptor-pool.h
Examining data/gulkan-0.15.1/src/gulkan-device.c
Examining data/gulkan-0.15.1/src/gulkan-device.h
Examining data/gulkan-0.15.1/src/gulkan-frame-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-frame-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-geometry.c
Examining data/gulkan-0.15.1/src/gulkan-geometry.h
Examining data/gulkan-0.15.1/src/gulkan-instance.c
Examining data/gulkan-0.15.1/src/gulkan-instance.h
Examining data/gulkan-0.15.1/src/gulkan-queue.c
Examining data/gulkan-0.15.1/src/gulkan-queue.h
Examining data/gulkan-0.15.1/src/gulkan-render-pass.c
Examining data/gulkan-0.15.1/src/gulkan-render-pass.h
Examining data/gulkan-0.15.1/src/gulkan-renderer.c
Examining data/gulkan-0.15.1/src/gulkan-renderer.h
Examining data/gulkan-0.15.1/src/gulkan-swapchain-renderer.c
Examining data/gulkan-0.15.1/src/gulkan-swapchain-renderer.h
Examining data/gulkan-0.15.1/src/gulkan-swapchain.c
Examining data/gulkan-0.15.1/src/gulkan-swapchain.h
Examining data/gulkan-0.15.1/src/gulkan-texture.c
Examining data/gulkan-0.15.1/src/gulkan-texture.h
Examining data/gulkan-0.15.1/src/gulkan-uniform-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-uniform-buffer.h
Examining data/gulkan-0.15.1/src/gulkan-vertex-buffer.c
Examining data/gulkan-0.15.1/src/gulkan-vertex-buffer.h
Examining data/gulkan-0.15.1/src/gulkan.h
Examining data/gulkan-0.15.1/tests/test_client.c
Examining data/gulkan-0.15.1/tests/test_device.c
Examining data/gulkan-0.15.1/tests/test_instance.c
Examining data/gulkan-0.15.1/tests/test_renderer.c
Examining data/gulkan-0.15.1/tests/test_texture.c
Examining data/gulkan-0.15.1/tests/test_texture_external.c

FINAL RESULTS:

data/gulkan-0.15.1/examples/cube.c:208:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ubo.normal_matrix, ubo.mv_matrix, sizeof ubo.normal_matrix);
data/gulkan-0.15.1/examples/dmabuf.c:34:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int dev_fd = open ("/dev/dri/renderD128", 02, 0);
data/gulkan-0.15.1/examples/toy.c:241:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (code, bytes, len);
data/gulkan-0.15.1/src/gulkan-buffer.c:176:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (tmp, data, size);
data/gulkan-0.15.1/src/gulkan-texture.c:355:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&mipmap.buffer_image_copies[0], &buffer_image_copy,
data/gulkan-0.15.1/src/gulkan-texture.c:360:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (current, gdk_pixbuf_get_pixels (pixbuf), original_size);
data/gulkan-0.15.1/src/gulkan-texture.c:388:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (current,
data/gulkan-0.15.1/src/gulkan-texture.c:399:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&mipmap.buffer_image_copies[level], &buffer_image_copy,
data/gulkan-0.15.1/src/gulkan-uniform-buffer.c:91:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (self->data, s, self->size);
data/gulkan-0.15.1/src/gulkan-vertex-buffer.c:83:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (map, positions, positions_size);
data/gulkan-0.15.1/src/gulkan-vertex-buffer.c:93:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (map, colors, colors_size);
data/gulkan-0.15.1/src/gulkan-vertex-buffer.c:103:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (map, normals, normals_size);
data/gulkan-0.15.1/examples/toy.c:1167:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (id) != 6)
data/gulkan-0.15.1/examples/toy.c:1245:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_string_erase (id_string, 0, (gssize) strlen (URL_PREFIX));
data/gulkan-0.15.1/examples/toy.c:1307:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen (argv[1]) == 6)

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 10477 in approximately 2.20 seconds (4759 lines/second)
Physical Source Lines of Code (SLOC) = 8108
Hits@level = [0] 1 [1] 3 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 16 [1+] 15 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.97336 [1+] 1.85002 [2+] 1.48002 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.