stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgtkdatabox-0.9.3.1/glade/gladeui-databox.c
Examining data/libgtkdatabox-0.9.3.1/glade/glade-databox.c
Examining data/libgtkdatabox-0.9.3.1/examples/signals.c
Examining data/libgtkdatabox-0.9.3.1/examples/basics.c
Examining data/libgtkdatabox-0.9.3.1/examples/rulers.c
Examining data/libgtkdatabox-0.9.3.1/examples/addremove.c
Examining data/libgtkdatabox-0.9.3.1/examples/markers.c
Examining data/libgtkdatabox-0.9.3.1/examples/grid_array.c
Examining data/libgtkdatabox-0.9.3.1/examples/grid.c
Examining data/libgtkdatabox-0.9.3.1/examples/lissajous.c
Examining data/libgtkdatabox-0.9.3.1/examples/basics2.c
Examining data/libgtkdatabox-0.9.3.1/examples/logarithmic.c
Examining data/libgtkdatabox-0.9.3.1/examples/enable_disable.c
Examining data/libgtkdatabox-0.9.3.1/examples/colors.c
Examining data/libgtkdatabox-0.9.3.1/examples/keycontrol.c
Examining data/libgtkdatabox-0.9.3.1/examples/basics_libglade.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_offset_bars.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyyc_graph.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_markers.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_grid.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyc_graph.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_points.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_lines.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_regions.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_points.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_graph.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_regions.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyyc_graph.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_typedefs.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_bars.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_xyc_graph.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_offset_bars.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_bars.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_marshal.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_cross_simple.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_lines.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_grid.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_marshal.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_scale.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_scale.h
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_cross_simple.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_graph.c
Examining data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_markers.c

FINAL RESULTS:

data/libgtkdatabox-0.9.3.1/examples/colors.c:60:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (title, "Choose color #%d", sel->index);
data/libgtkdatabox-0.9.3.1/examples/colors.c:87:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[128];
data/libgtkdatabox-0.9.3.1/examples/colors.c:93:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (buf, "Change Color #%d", index);
data/libgtkdatabox-0.9.3.1/examples/lissajous.c:65:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (label, "%d", lissajous_counter++);
data/libgtkdatabox-0.9.3.1/examples/basics_libglade.c:63:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   gxml = glade_xml_new_from_buffer (basics_glade, strlen(basics_glade), NULL, NULL);
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1068:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(format)>FORMAT_LENGTH) {
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1069:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            g_warning("maximum format length = %d chars exceeded, truncating to the maximum from %d",FORMAT_LENGTH,(int)strlen(format));
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1109:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(format)>FORMAT_LENGTH) {
data/libgtkdatabox-0.9.3.1/gtk/gtkdatabox_ruler.c:1110:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            g_warning("maximum format length = %d chars exceeded, truncating to the maximum from %d",FORMAT_LENGTH,(int)strlen(format));

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 12040 in approximately 0.83 seconds (14461 lines/second)
Physical Source Lines of Code (SLOC) = 7528
Hits@level = [0]  12 [1]   5 [2]   4 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  21 [1+]   9 [2+]   4 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.78959 [1+] 1.19554 [2+] 0.53135 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.