Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libgisi-0.1.0/gisicomm/gisicomm.c Examining data/libgisi-0.1.0/gisicomm/gisicomm.h Examining data/libgisi-0.1.0/gisi/client.c Examining data/libgisi-0.1.0/gisi/modem.h Examining data/libgisi-0.1.0/gisi/iter.c Examining data/libgisi-0.1.0/gisi/pep.c Examining data/libgisi-0.1.0/gisi/modem.c Examining data/libgisi-0.1.0/gisi/common.h Examining data/libgisi-0.1.0/gisi/socket.h Examining data/libgisi-0.1.0/gisi/server.h Examining data/libgisi-0.1.0/gisi/pipe.c Examining data/libgisi-0.1.0/gisi/server.c Examining data/libgisi-0.1.0/gisi/client.h Examining data/libgisi-0.1.0/gisi/netlink.h Examining data/libgisi-0.1.0/gisi/socket.c Examining data/libgisi-0.1.0/gisi/message.c Examining data/libgisi-0.1.0/gisi/message.h Examining data/libgisi-0.1.0/gisi/iter.h Examining data/libgisi-0.1.0/gisi/netlink.c Examining data/libgisi-0.1.0/gisi/phonet.h Examining data/libgisi-0.1.0/gisi/pipe.h Examining data/libgisi-0.1.0/gisi/pep.h Examining data/libgisi-0.1.0/gisi/libgisi.h Examining data/libgisi-0.1.0/tools/sendisi.c Examining data/libgisi-0.1.0/clients/ss.h Examining data/libgisi-0.1.0/clients/gss.h Examining data/libgisi-0.1.0/clients/sms.h Examining data/libgisi-0.1.0/clients/clients.h Examining data/libgisi-0.1.0/clients/info.h Examining data/libgisi-0.1.0/clients/sim.h Examining data/libgisi-0.1.0/clients/simauth.h Examining data/libgisi-0.1.0/clients/gpds.h Examining data/libgisi-0.1.0/clients/mtc.h Examining data/libgisi-0.1.0/clients/network.h Examining data/libgisi-0.1.0/clients/call.h FINAL RESULTS: data/libgisi-0.1.0/gisi/iter.c:177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, iter->start + pos, sizeof(uint16_t)); data/libgisi-0.1.0/gisi/iter.c:190:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, iter->start + pos, sizeof(uint32_t)); data/libgisi-0.1.0/gisi/message.c:139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, buf + offset, sizeof(uint16_t)); data/libgisi-0.1.0/gisi/modem.c:717:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, iov[i].iov_base, iov[i].iov_len); data/libgisi-0.1.0/gisi/netlink.c:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SIZE_NLMSG]; data/libgisi-0.1.0/gisi/netlink.c:318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SIZE_NLMSG]; data/libgisi-0.1.0/gisi/netlink.c:355:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libgisi-0.1.0/gisi/pep.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IF_NAMESIZE]; data/libgisi-0.1.0/gisi/server.c:68:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&server->version, version, sizeof(GIsiVersion)); data/libgisi-0.1.0/gisi/socket.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IF_NAMESIZE]; data/libgisi-0.1.0/gisicomm/gisicomm.c:5237:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p + 2, _tmp4_, (gsize) _tmp7_); data/libgisi-0.1.0/gisicomm/gisicomm.c:5420:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_data_->p + 2, _data_->_tmp4_, (gsize) _data_->_tmp7_); data/libgisi-0.1.0/gisicomm/gisicomm.c:5428:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_data_->p + 13, _data_->_tmp10_, (gsize) _data_->_tmp13_); data/libgisi-0.1.0/gisicomm/gisicomm.c:6162:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dup, self, sizeof (GIsiCommSIMISI_IMSI)); data/libgisi-0.1.0/gisicomm/gisicomm.c:6186:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dup, self, sizeof (GIsiCommSIMISI_SPN)); data/libgisi-0.1.0/gisicomm/gisicomm.c:8303:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bcd, _tmp7_, 3 * sizeof (guint8)); data/libgisi-0.1.0/gisicomm/gisicomm.c:8705:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dup, self, sizeof (GIsiCommNetworkISI_Time)); data/libgisi-0.1.0/gisicomm/gisicomm.c:4991:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tmp0_ = strlen (self); data/libgisi-0.1.0/gisicomm/gisicomm.c:5235:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tmp6_ = strlen (_tmp5_); data/libgisi-0.1.0/gisicomm/gisicomm.c:5418:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp6_ = strlen (_data_->_tmp5_); data/libgisi-0.1.0/gisicomm/gisicomm.c:5426:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp12_ = strlen (_data_->_tmp11_); data/libgisi-0.1.0/gisicomm/gisicomm.c:9270:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tmp2_ = strlen (_tmp1_); data/libgisi-0.1.0/gisicomm/gisicomm.c:9771:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _tmp2_ = strlen (_tmp1_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11187:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp33_ = strlen (_data_->_tmp32_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11261:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp41_ = strlen (_data_->_tmp40_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11311:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp57_ = strlen (_data_->_tmp56_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11318:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp62_ = strlen (_data_->_tmp61_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11322:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp65_ = strlen (_data_->_tmp64_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11329:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp70_ = strlen (_data_->_tmp69_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11344:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp76_ = strlen (_data_->_tmp75_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11359:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp81_ = strlen (_data_->_tmp80_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11389:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp93_ = strlen (_data_->_tmp92_); data/libgisi-0.1.0/gisicomm/gisicomm.c:11421:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _data_->_tmp110_ = strlen (_data_->_tmp109_); ANALYSIS SUMMARY: Hits = 33 Lines analyzed = 19805 in approximately 0.66 seconds (30045 lines/second) Physical Source Lines of Code (SLOC) = 16866 Hits@level = [0] 16 [1] 16 [2] 17 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 49 [1+] 33 [2+] 17 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.90525 [1+] 1.9566 [2+] 1.00794 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.