Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgom-0.4/gom/gom-adapter.c
Examining data/libgom-0.4/gom/gom-adapter.h
Examining data/libgom-0.4/gom/gom-autocleanups.h
Examining data/libgom-0.4/gom/gom-command-builder.c
Examining data/libgom-0.4/gom/gom-command-builder.h
Examining data/libgom-0.4/gom/gom-command.c
Examining data/libgom-0.4/gom/gom-command.h
Examining data/libgom-0.4/gom/gom-cursor.c
Examining data/libgom-0.4/gom/gom-cursor.h
Examining data/libgom-0.4/gom/gom-error.c
Examining data/libgom-0.4/gom/gom-error.h
Examining data/libgom-0.4/gom/gom-filter.c
Examining data/libgom-0.4/gom/gom-filter.h
Examining data/libgom-0.4/gom/gom-repository.c
Examining data/libgom-0.4/gom/gom-repository.h
Examining data/libgom-0.4/gom/gom-resource-group.c
Examining data/libgom-0.4/gom/gom-resource-group.h
Examining data/libgom-0.4/gom/gom-resource-priv.h
Examining data/libgom-0.4/gom/gom-resource.c
Examining data/libgom-0.4/gom/gom-resource.h
Examining data/libgom-0.4/gom/gom-sorting.c
Examining data/libgom-0.4/gom/gom-sorting.h
Examining data/libgom-0.4/gom/gom.h
Examining data/libgom-0.4/gom/reserved-keywords.h
Examining data/libgom-0.4/tests/test-gom-adapter.c
Examining data/libgom-0.4/tests/test-gom-constraints.c
Examining data/libgom-0.4/tests/test-gom-datetime.c
Examining data/libgom-0.4/tests/test-gom-find-specific.c
Examining data/libgom-0.4/tests/test-gom-find.c
Examining data/libgom-0.4/tests/test-gom-insert.c
Examining data/libgom-0.4/tests/test-gom-migration.c
Examining data/libgom-0.4/tests/test-gom-repository.c
Examining data/libgom-0.4/tests/test-gom-sorting.c
Examining data/libgom-0.4/tests/test-gom-stress.c
Examining data/libgom-0.4/tests/test-gom-table-name.c
Examining data/libgom-0.4/tests/test-gom-transform.c
Examining data/libgom-0.4/tests/test-gom-update.c
FINAL RESULTS:
data/libgom-0.4/gom/gom-command.c:126:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_byte_array_append(bytes, (guchar *)strv[i], strlen(strv[i]) + 1);
data/libgom-0.4/gom/gom-cursor.c:112:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(str);
data/libgom-0.4/gom/gom-resource.c:57:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail(strlen(primary_key) <= sizeof(resource_class->primary_key));
data/libgom-0.4/gom/gom-resource.c:223:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail(strlen(table) <= sizeof(resource_class->table));
ANALYSIS SUMMARY:
Hits = 4
Lines analyzed = 12933 in approximately 0.38 seconds (33806 lines/second)
Physical Source Lines of Code (SLOC) = 9743
Hits@level = [0] 0 [1] 4 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 4 [1+] 4 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.410551 [1+] 0.410551 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.