Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkspell.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtk.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gvaluecaml.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkrange.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkaction.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_domain.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gnomedruid.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c
Examining data/lablgtk2-2.18.8+dfsg/src/gdkprivate-win32.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkmisc.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkbin.c
Examining data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h
Examining data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/callback.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtknew.c
Examining data/lablgtk2-2.18.8+dfsg/src/win32.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktext.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_glib.h
Examining data/lablgtk2-2.18.8+dfsg/src/wrappers.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gobject.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gobject.h
Examining data/lablgtk2-2.18.8+dfsg/src/wrappers.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview2.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkpack.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkxmhtml.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdk.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_glade.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkbroken.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_pango.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkfile.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkmenu.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkbutton.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_panel.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdk.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_pango.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtk.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtklist.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkgl.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_glib.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gvaluecaml.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtktext.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_rsvg.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkassistant.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdkpixbuf.h
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gdkpixbuf.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkedit.c
Examining data/lablgtk2-2.18.8+dfsg/src/ml_gtkstock.c

FINAL RESULTS:

data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:958:82:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define PATH_STRING(path) (buf1 = (path) ? gtk_tree_path_to_string(path) : "[]", strcpy(buf2,buf1), (path) ? g_free(buf1) : 0, buf2)
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:959:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define debug_print printf
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:610:19:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  const char *s = g_get_home_dir();
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:613:7:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
ML_0 (g_get_tmp_dir, copy_string)
data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview.c:416:59:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                n = g_strdup_printf ("%s_%u_%u", name, d, g_random_int ());
data/lablgtk2-2.18.8+dfsg/src/ml_gtksourceview2.c:801:59:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                n = g_strdup_printf ("%s_%u_%u", name, d, g_random_int());
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:1114:29:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      custom_model->stamp = g_random_int ();
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:158:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define Tag_val(val) (((unsigned char *) (val)) [-1])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:160:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define Tag_hp(hp) (((unsigned char *) (hp)) [sizeof(value)-1])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:163:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define Tag_val(val) (((unsigned char *) (val)) [-sizeof(value)])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:165:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define Tag_hp(hp) (((unsigned char *) (hp)) [0])
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:228:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define Byte(x, i) (((char *) (x)) [i])            /* Also an l-value. */
data/lablgtk2-2.18.8+dfsg/src/absvalue/caml/mlvalues.h:229:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define Byte_u(x, i) (((unsigned char *) (x)) [i]) /* Also an l-value. */
data/lablgtk2-2.18.8+dfsg/src/ml_gdk.c:481:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (String_val(data), xdata, sizeof(char) * nitems);
data/lablgtk2-2.18.8+dfsg/src/ml_gdkpixbuf.c:348:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (String_val(s), buf, count);
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:466:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (String_val(v), str, len);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:153:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:230:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Bp_val(arr), item->xform, len * sizeof (double));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:264:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(coords, Bp_val(a), sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:275:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(coords, Bp_val(a), sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:339:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(v), coords, sizeof coords);
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:383:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p->coords, Bp_val(arr), Bosize_val(arr));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:390:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(ret), p->coords, p->num_points * 2 * sizeof(double));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:404:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(d->dash, Bp_val(dash), Bosize_val(dash));
data/lablgtk2-2.18.8+dfsg/src/ml_gnomecanvas.c:413:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bp_val(dashes), d->dash, d->n_dash * sizeof (double));
data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c:54:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char*)ret, start, length);
data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c:109:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (base2, base1, RegLength_val(region1));
data/lablgtk2-2.18.8+dfsg/src/ml_gtk.c:517:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (data->length) memcpy ((void*)ret, data->data, data->length);
data/lablgtk2-2.18.8+dfsg/src/ml_gtktree.c:952:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf2[1000];
data/lablgtk2-2.18.8+dfsg/src/ml_panel.c:186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *prog_name, *argv[ argc ];
data/lablgtk2-2.18.8+dfsg/src/wrappers.c:42:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((value *) ret + 2, src, size);
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:369:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gsize read;
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:373:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			    &read)) {
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:375:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return Val_int( read );
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:389:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gsize read;
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:395:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		      &read, 
data/lablgtk2-2.18.8+dfsg/src/ml_glib.c:400:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return Val_int( read );
data/lablgtk2-2.18.8+dfsg/src/ml_gpointer.c:52:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = Option_val(len, Int_val, strlen(start));

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 13995 in approximately 1.20 seconds (11671 lines/second)
Physical Source Lines of Code (SLOC) = 10206
Hits@level = [0]   2 [1]   7 [2]  25 [3]   5 [4]   2 [5]   0
Hits@level+ = [0+]  41 [1+]  39 [2+]  32 [3+]   7 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 4.01724 [1+] 3.82128 [2+] 3.13541 [3+] 0.685871 [4+] 0.195963 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.