Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/haskell-charsetdetect-ae-1.1.0.4/cbits/dso_handle.c Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/CharDistribution.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/JpCntx.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/LangBulgarianModel.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/LangCyrillicModel.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/LangGreekModel.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/LangHebrewModel.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/LangHungarianModel.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/LangThaiModel.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsBig5Prober.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsCharSetProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEscCharsetProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEscSM.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCJPProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCKRProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCTWProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsGB2312Prober.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsHebrewProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsLatin1Prober.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsMBCSGroupProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsMBCSSM.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSBCharSetProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSBCSGroupProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSJISProber.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsUniversalDetector.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsUTF8Prober.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/CharDistribution.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/JpCntx.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsBig5Prober.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsCharSetProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsCodingStateMachine.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEscCharsetProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCJPProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCKRProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCTWProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsGB2312Prober.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsHebrewProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsLatin1Prober.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsMBCSGroupProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsPkgInt.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSBCharSetProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSBCSGroupProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSJISProber.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsUniversalDetector.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsUTF8Prober.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/obsolete/protypes.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prcpucfg_freebsd.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prcpucfg_linux.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prcpucfg_mac.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prcpucfg_openbsd.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prcpucfg_win.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prmem.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prtypes.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nspr-emu/prcpucfg.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/charsetdetect.cpp Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/charsetdetect.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/charsetdetectPriv.h Examining data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/nscore.h FINAL RESULTS: data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/JpCntx.cpp:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jp2CharContext[83][83] = data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/JpCntx.h:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char jp2CharContext[83][83]; data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsBig5Prober.h:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCJPProber.h:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCKRProber.h:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsEUCTWProber.h:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsGB2312Prober.h:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; data/haskell-charsetdetect-ae-1.1.0.4/libcharsetdetect/mozilla/extensions/universalchardet/src/base/nsSJISProber.h:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mLastChar[2]; ANALYSIS SUMMARY: Hits = 8 Lines analyzed = 9635 in approximately 0.51 seconds (19057 lines/second) Physical Source Lines of Code (SLOC) = 5851 Hits@level = [0] 8 [1] 0 [2] 8 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 16 [1+] 8 [2+] 8 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.73458 [1+] 1.36729 [2+] 1.36729 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.