Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgtkdatabox-0.9.3.1/glade/gladeui-databox.c
Examining data/libgtkdatabox-0.9.3.1/glade/glade-databox.c
Examining data/libgtkdatabox-0.9.3.1/examples/signals.c
Examining data/libgtkdatabox-0.9.3.1/examples/basics.c
Examining data/libgtkdatabox-0.9.3.1/examples/rulers.c
Examining data/libgtkdatabox-0.9.3.1/examples/addremove.c
Examining data/libgtkdatabox-0.9.3.1/examples/markers.c
Examining data/libgtkdatabox-0.9.3.1/examples/grid_array.c
Examining data/libgtkdatabox-0.9.3.1/examples/grid.c
Examining data/libgtkdatabox-0.9.3.1/examples/lissajous.c
Examining data/libgtkdatabox-0.9.3.1/examples/basics2.c
Examining data/libgtkdatabox-0.9.3.1/examples/logarithmic.c
Examining data/libgtkdatabox-0.9.3.1/examples/enable_disable.c
Examining data/libgtkdatabox-0.9.3.1/examples/colors.c
Examining data/libgtkdatabox-0.9.3.1/examples/keycontrol.c
Examining data/libgtkdatabox-0.9.3.1/examples/basics_libglade.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_offset_bars.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyyc_graph.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_markers.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_grid.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyc_graph.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_points.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_lines.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_regions.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_points.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_graph.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_regions.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyyc_graph.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_typedefs.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_bars.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyc_graph.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_offset_bars.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_bars.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_marshal.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_cross_simple.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_lines.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_grid.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_marshal.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_scale.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_scale.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_cross_simple.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_graph.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_markers.c

FINAL RESULTS:

data/libgtkdatabox-0.9.3.1/examples/colors.c:60:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (title, "Choose color #%d", sel->index);
data/libgtkdatabox-0.9.3.1/examples/colors.c:87:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/libgtkdatabox-0.9.3.1/examples/colors.c:93:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "Change Color #%d", index);
data/libgtkdatabox-0.9.3.1/examples/lissajous.c:65:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (label, "%d", lissajous_counter++);
data/libgtkdatabox-0.9.3.1/examples/basics_libglade.c:63:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gxml = glade_xml_new_from_buffer (basics_glade, strlen(basics_glade), NULL, NULL);
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1068:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(format)>FORMAT_LENGTH) {
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1069:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_warning("maximum format length = %d chars exceeded, truncating to the maximum from %d",FORMAT_LENGTH,(int)strlen(format));
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1109:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(format)>FORMAT_LENGTH) {
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1110:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_warning("maximum format length = %d chars exceeded, truncating to the maximum from %d",FORMAT_LENGTH,(int)strlen(format));

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 12040 in approximately 0.83 seconds (14461 lines/second)
Physical Source Lines of Code (SLOC) = 7528
Hits@level = [0]  12 [1]   5 [2]   4 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  21 [1+]   9 [2+]   4 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.78959 [1+] 1.19554 [2+] 0.53135 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
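Added example, not part of libgtkdatabox or of the flawfinder output above: the two patterns the scan flags (sprintf of a "%d" into a fixed buffer, and strlen on a format string compared against FORMAT_LENGTH) next to the bounded forms flawfinder recommends. It also shows why the sprintf hits are rated [2] "risk is low": with a constant prefix, "%d" expands to at most 11 characters for a 32-bit int, so the worst case is computable and fits a 128-byte buffer. The value of FORMAT_LENGTH (8), the function names, the 16-byte buffer and the test strings are assumptions for this demo, not taken from the library.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* FORMAT_LENGTH is the macro name visible in the gtkdatabox_ruler.c hits;
 * the value 8 here is an assumption for this demo, not the library's. */
#define FORMAT_LENGTH 8

/* Pattern flagged at colors.c:93: unbounded sprintf into a fixed buffer.
 * The prefix is constant (14 chars) and "%d" expands to at most 11 chars
 * ("-2147483648" for a 32-bit int), so the worst case is 14 + 11 + 1 = 26
 * bytes into a 128-byte buffer. That bounded worst case is why flawfinder
 * rates the hit [2] "risk is low". Kept only for comparison. */
int format_label_unbounded(char buf[128], int index)
{
    return sprintf(buf, "Change Color #%d", index);
}

/* Hardened form: snprintf with the real buffer size and an explicit
 * truncation check. Returns 0 on success, -1 if the output did not fit
 * (buf is then truncated but still NUL-terminated) or on encoding error. */
int format_label_bounded(char *buf, size_t size, int index)
{
    int n = snprintf(buf, size, "Change Color #%d", index);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

/* Length check in the style of ruler.c:1068, but with strnlen: it reads at
 * most FORMAT_LENGTH + 1 bytes, so a missing NUL cannot cause the CWE-126
 * over-read that plain strlen risks. Returns 1 if format fits, else 0. */
int format_fits(const char *format)
{
    return strnlen(format, FORMAT_LENGTH + 1) <= FORMAT_LENGTH;
}

/* Copy at most FORMAT_LENGTH bytes of format into dst (FORMAT_LENGTH + 1
 * bytes), always NUL-terminating. Returns the number of bytes copied. */
size_t copy_format_truncating(char dst[FORMAT_LENGTH + 1], const char *format)
{
    size_t n = strnlen(format, FORMAT_LENGTH);
    memcpy(dst, format, n);
    dst[n] = '\0';
    return n;
}

/* Exercises the functions above on constructed inputs and returns the
 * number of failed expectations (0 means every check passed). */
int self_check(void)
{
    char big[128], small[16], fmt[FORMAT_LENGTH + 1];
    int failures = 0;

    /* 25 characters: fits in 128 bytes, which is the "low risk" case. */
    if (format_label_unbounded(big, INT_MIN) != 25) failures++;
    if (strcmp(big, "Change Color #-2147483648") != 0) failures++;

    /* Same text into 16 bytes: sprintf would overflow by 10 bytes;
     * snprintf truncates, NUL-terminates and reports the truncation. */
    if (format_label_bounded(small, sizeof small, INT_MIN) != -1) failures++;
    if (strcmp(small, "Change Color #-") != 0) failures++;
    if (format_label_bounded(small, sizeof small, 7) != 0) failures++;
    if (strcmp(small, "Change Color #7") != 0) failures++;

    /* A 7-char format fits; a 9-char one exceeds FORMAT_LENGTH (8) and is cut to 8. */
    if (format_fits("%0.3f%%") != 1) failures++;
    if (format_fits("123456789") != 0) failures++;
    if (copy_format_truncating(fmt, "123456789") != 8) failures++;
    if (strcmp(fmt, "12345678") != 0) failures++;

    return failures;
}

int main(void)
{
    int failures = self_check();
    printf("self_check failures: %d\n", failures);
    return failures != 0;
}
```

The hardened variants keep the compile-time buffer size attached to the call (sizeof small) and treat a truncated result as an error rather than silently shipping a cut label; for the ruler format, strnlen with a limit of FORMAT_LENGTH + 1 answers the same "too long?" question the original strlen check asks without ever scanning past the bound.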