Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libquvi-0.9.3/src/net/http_metainfo.c
Examining data/libquvi-0.9.3/src/net/resolve.h
Examining data/libquvi-0.9.3/src/net/handle.h
Examining data/libquvi-0.9.3/src/net/resolve.c
Examining data/libquvi-0.9.3/src/net/fetch.h
Examining data/libquvi-0.9.3/src/net/fetch.c
Examining data/libquvi-0.9.3/src/net/handle.c
Examining data/libquvi-0.9.3/src/_quvi_s.h
Examining data/libquvi-0.9.3/src/_quvi_script_s.h
Examining data/libquvi-0.9.3/src/lua/chk.h
Examining data/libquvi-0.9.3/src/lua/exec_subtitle_script_parse.c
Examining data/libquvi-0.9.3/src/lua/exec_scan_script_parse.c
Examining data/libquvi-0.9.3/src/lua/match_url_to_media_script.c
Examining data/libquvi-0.9.3/src/lua/chk.c
Examining data/libquvi-0.9.3/src/lua/init.c
Examining data/libquvi-0.9.3/src/lua/quvi/base64/encode.c
Examining data/libquvi-0.9.3/src/lua/quvi/base64/decode.c
Examining data/libquvi-0.9.3/src/lua/quvi/crypto/err.c
Examining data/libquvi-0.9.3/src/lua/quvi/crypto/hash.c
Examining data/libquvi-0.9.3/src/lua/quvi/crypto/en_decrypt.c
Examining data/libquvi-0.9.3/src/lua/quvi/crypto/copts.c
Examining data/libquvi-0.9.3/src/lua/quvi/crypto/opts.h
Examining data/libquvi-0.9.3/src/lua/quvi/crypto/err.h
Examining data/libquvi-0.9.3/src/lua/quvi/http/resolve.c
Examining data/libquvi-0.9.3/src/lua/quvi/http/cookie.c
Examining data/libquvi-0.9.3/src/lua/quvi/http/header.c
Examining data/libquvi-0.9.3/src/lua/quvi/http/metainfo.c
Examining data/libquvi-0.9.3/src/lua/quvi/http/fetch.c
Examining data/libquvi-0.9.3/src/lua/quvi/opts.h
Examining data/libquvi-0.9.3/src/lua/quvi/opts.c
Examining data/libquvi-0.9.3/src/lua/load_util_script.c
Examining data/libquvi-0.9.3/src/lua/load_util_script.h
Examining data/libquvi-0.9.3/src/lua/match_url_to_subtitle_script.c
Examining data/libquvi-0.9.3/src/lua/exec_subtitle_export_script_export.c
Examining data/libquvi-0.9.3/src/lua/exec.h
Examining data/libquvi-0.9.3/src/lua/exec_subtitle_export_script_ident.c
Examining data/libquvi-0.9.3/src/lua/exec_media_script_parse.c
Examining data/libquvi-0.9.3/src/lua/def.h
Examining data/libquvi-0.9.3/src/lua/setfield.h
Examining data/libquvi-0.9.3/src/lua/exec_playlist_script_ident.c
Examining data/libquvi-0.9.3/src/lua/exec_playlist_script_parse.c
Examining data/libquvi-0.9.3/src/lua/util/exec_util_resolve_redirections.c
Examining data/libquvi-0.9.3/src/lua/util/exec_util_convert_entities.c
Examining data/libquvi-0.9.3/src/lua/util/exec_util_to_file_ext.c
Examining data/libquvi-0.9.3/src/lua/match_url_to_playlist_script.c
Examining data/libquvi-0.9.3/src/lua/modify_pkgpath.c
Examining data/libquvi-0.9.3/src/lua/exec_media_script_ident.c
Examining data/libquvi-0.9.3/src/lua/getfield.c
Examining data/libquvi-0.9.3/src/lua/setfield.c
Examining data/libquvi-0.9.3/src/lua/getfield.h
Examining data/libquvi-0.9.3/src/lua/exec_subtitle_script_ident.c
Examining data/libquvi-0.9.3/src/_quvi_net_resolve_s.h
Examining data/libquvi-0.9.3/src/gcrypt/crypto.c
Examining data/libquvi-0.9.3/src/gcrypt/crypto.h
Examining data/libquvi-0.9.3/src/gcrypt/init.c
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qversion.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qsupp.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qmediaprop.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qhttpmiprop.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qplaylistprop.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qscript.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qcallback.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qbool.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qdef.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qinfo.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qoption.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qerror.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qsubtprop.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi/qfunc.h
Examining data/libquvi-0.9.3/src/quvi-0.9/quvi.h
Examining data/libquvi-0.9.3/src/_quvi_scan_s.h
Examining data/libquvi-0.9.3/src/_quvi_media_s.h
Examining data/libquvi-0.9.3/src/curl/init.c
Examining data/libquvi-0.9.3/src/curl/temp.h
Examining data/libquvi-0.9.3/src/curl/http_metainfo.c
Examining data/libquvi-0.9.3/src/curl/close.c
Examining data/libquvi-0.9.3/src/curl/autoproxy.h
Examining data/libquvi-0.9.3/src/curl/resolve.c
Examining data/libquvi-0.9.3/src/curl/temp.c
Examining data/libquvi-0.9.3/src/curl/autoproxy.c
Examining data/libquvi-0.9.3/src/curl/fetch.c
Examining data/libquvi-0.9.3/src/curl/reset.c
Examining data/libquvi-0.9.3/src/_quvi_subtitle_export_s.h
Examining data/libquvi-0.9.3/src/_quvi_http_metainfo_s.h
Examining data/libquvi-0.9.3/src/_quvi_subtitle_s.h
Examining data/libquvi-0.9.3/src/_quvi_playlist_s.h
Examining data/libquvi-0.9.3/src/_quvi_net_s.h
Examining data/libquvi-0.9.3/src/api/resolve_forwarded.c
Examining data/libquvi-0.9.3/src/api/playlist_free.c
Examining data/libquvi-0.9.3/src/api/version.c
Examining data/libquvi-0.9.3/src/api/supports.c
Examining data/libquvi-0.9.3/src/api/http_metainfo_get.c
Examining data/libquvi-0.9.3/src/api/playlist_new.c
Examining data/libquvi-0.9.3/src/api/scan_new.c
Examining data/libquvi-0.9.3/src/api/subtitle_type_next.c
Examining data/libquvi-0.9.3/src/api/http_metainfo_free.c
Examining data/libquvi-0.9.3/src/api/http_metainfo_new.c
Examining data/libquvi-0.9.3/src/api/script_next.c
Examining data/libquvi-0.9.3/src/api/media_stream_next.c
Examining data/libquvi-0.9.3/src/api/subtitle_free.c
Examining data/libquvi-0.9.3/src/api/ok.c
Examining data/libquvi-0.9.3/src/api/media_stream_select.c
Examining data/libquvi-0.9.3/src/api/subtitle_lang_next.c
Examining data/libquvi-0.9.3/src/api/media_stream_reset.c
Examining data/libquvi-0.9.3/src/api/errmsg.c
Examining data/libquvi-0.9.3/src/api/subtitle_export_data.c
Examining data/libquvi-0.9.3/src/api/playlist_get.c
Examining data/libquvi-0.9.3/src/api/resolve_free.c
Examining data/libquvi-0.9.3/src/api/media_new.c
Examining data/libquvi-0.9.3/src/api/media_get.c
Examining data/libquvi-0.9.3/src/api/file_ext_new.c
Examining data/libquvi-0.9.3/src/api/subtitle_select.c
Examining data/libquvi-0.9.3/src/api/resolve_new.c
Examining data/libquvi-0.9.3/src/api/file_ext_get.c
Examining data/libquvi-0.9.3/src/api/subtitle_type_get.c
Examining data/libquvi-0.9.3/src/api/script_get.c
Examining data/libquvi-0.9.3/src/api/playlist_media_next.c
Examining data/libquvi-0.9.3/src/api/subtitle_lang_get.c
Examining data/libquvi-0.9.3/src/api/file_ext_free.c
Examining data/libquvi-0.9.3/src/api/subtitle_export_new.c
Examining data/libquvi-0.9.3/src/api/media_stream_choose_best.c
Examining data/libquvi-0.9.3/src/api/playlist_media_reset.c
Examining data/libquvi-0.9.3/src/api/set.c
Examining data/libquvi-0.9.3/src/api/subtitle_type_reset.c
Examining data/libquvi-0.9.3/src/api/subtitle_new.c
Examining data/libquvi-0.9.3/src/api/subtitle_lang_reset.c
Examining data/libquvi-0.9.3/src/api/subtitle_export_free.c
Examining data/libquvi-0.9.3/src/api/scan_next_media_url.c
Examining data/libquvi-0.9.3/src/api/resolve_destination_url.c
Examining data/libquvi-0.9.3/src/api/free.c
Examining data/libquvi-0.9.3/src/api/scan_free.c
Examining data/libquvi-0.9.3/src/api/new.c
Examining data/libquvi-0.9.3/src/api/media_free.c
Examining data/libquvi-0.9.3/src/api/errcode.c
Examining data/libquvi-0.9.3/src/api/get.c
Examining data/libquvi-0.9.3/src/_quvi_file_ext_s.h
Examining data/libquvi-0.9.3/src/_quvi_macro.h
Examining data/libquvi-0.9.3/src/misc/match_subtitle_export_script.h
Examining data/libquvi-0.9.3/src/misc/script_free.c
Examining data/libquvi-0.9.3/src/misc/subtitle_export.c
Examining data/libquvi-0.9.3/src/misc/playlist.h
Examining data/libquvi-0.9.3/src/misc/subtitle.c
Examining data/libquvi-0.9.3/src/misc/scan_new.c
Examining data/libquvi-0.9.3/src/misc/match.c
Examining data/libquvi-0.9.3/src/misc/trim.c
Examining data/libquvi-0.9.3/src/misc/playlist.c
Examining data/libquvi-0.9.3/src/misc/match_playlist_script.h
Examining data/libquvi-0.9.3/src/misc/slst.h
Examining data/libquvi-0.9.3/src/misc/resolve.h
Examining data/libquvi-0.9.3/src/misc/slst.c
Examining data/libquvi-0.9.3/src/misc/media.c
Examining data/libquvi-0.9.3/src/misc/capture.c
Examining data/libquvi-0.9.3/src/misc/resolve.c
Examining data/libquvi-0.9.3/src/misc/match_subtitle_script.c
Examining data/libquvi-0.9.3/src/misc/re.h
Examining data/libquvi-0.9.3/src/misc/scan_new.h
Examining data/libquvi-0.9.3/src/misc/unescape.c
Examining data/libquvi-0.9.3/src/misc/media.h
Examining data/libquvi-0.9.3/src/misc/match_media_script.h
Examining data/libquvi-0.9.3/src/misc/match_media_script.c
Examining data/libquvi-0.9.3/src/misc/unescape.h
Examining data/libquvi-0.9.3/src/misc/script_free.h
Examining data/libquvi-0.9.3/src/misc/to_utf8.c
Examining data/libquvi-0.9.3/src/misc/subtitle_export.h
Examining data/libquvi-0.9.3/src/misc/match_playlist_script.c
Examining data/libquvi-0.9.3/src/misc/match_subtitle_script.h
Examining data/libquvi-0.9.3/src/misc/scan_scripts.c
Examining data/libquvi-0.9.3/src/misc/match_subtitle_export_script.c
Examining data/libquvi-0.9.3/src/misc/subtitle.h
Examining data/libquvi-0.9.3/tests/lib/tests.h
Examining data/libquvi-0.9.3/tests/lib/re.c
Examining data/libquvi-0.9.3/tests/lib/env.c
Examining data/libquvi-0.9.3/tests/lib/qerr.c
Examining data/libquvi-0.9.3/tests/supports.c
Examining data/libquvi-0.9.3/tests/subtitle.c
Examining data/libquvi-0.9.3/tests/playlist.c
Examining data/libquvi-0.9.3/tests/http_metainfo.c
Examining data/libquvi-0.9.3/tests/script.c
Examining data/libquvi-0.9.3/tests/media.c
Examining data/libquvi-0.9.3/tests/resolve.c
Examining data/libquvi-0.9.3/tests/quvi.c
Examining data/libquvi-0.9.3/tests/scan.c
Examining data/libquvi-0.9.3/tests/goto.c
Examining data/libquvi-0.9.3/examples/lib/chk.c
Examining data/libquvi-0.9.3/examples/lib/exit_if_error.c
Examining data/libquvi-0.9.3/examples/lib/enable_cookies.c
Examining data/libquvi-0.9.3/examples/lib/status.c
Examining data/libquvi-0.9.3/examples/lib/cleanup.c
Examining data/libquvi-0.9.3/examples/lib/enable_verbose.c
Examining data/libquvi-0.9.3/examples/lib/enable_autoproxy.c
Examining data/libquvi-0.9.3/examples/lib/examples.h
Examining data/libquvi-0.9.3/examples/lib/var.c
Examining data/libquvi-0.9.3/examples/version.c
Examining data/libquvi-0.9.3/examples/supports.c
Examining data/libquvi-0.9.3/examples/subtitle.c
Examining data/libquvi-0.9.3/examples/playlist.c
Examining data/libquvi-0.9.3/examples/http_metainfo.c
Examining data/libquvi-0.9.3/examples/script.c
Examining data/libquvi-0.9.3/examples/file_ext.c
Examining data/libquvi-0.9.3/examples/media.c
Examining data/libquvi-0.9.3/examples/resolve.c
Examining data/libquvi-0.9.3/examples/scan.c
FINAL RESULTS:
data/libquvi-0.9.3/src/curl/temp.c:58:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ct->p[ct->size]), p, rsize);
data/libquvi-0.9.3/src/gcrypt/crypto.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data, dlen);
data/libquvi-0.9.3/src/gcrypt/crypto.c:210:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(c->out.data[c->out.dlen]), out, c->cipher.blklen);
data/libquvi-0.9.3/src/gcrypt/crypto.c:223:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data, dlen);
data/libquvi-0.9.3/src/gcrypt/crypto.c:253:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(c->out.data[c->out.dlen]), out, n);
data/libquvi-0.9.3/src/gcrypt/crypto.c:359:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(hexstr);
data/libquvi-0.9.3/src/lua/quvi/http/header.c:65:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >0)
data/libquvi-0.9.3/src/misc/match_media_script.c:89:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/match_playlist_script.c:78:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/match_subtitle_export_script.c:79:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/match_subtitle_script.c:76:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:130:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:407:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_dir != NULL && strlen(show_dir) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:423:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:442:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (show_script != NULL && strlen(show_script) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:527:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (scripts_dir != NULL && strlen(scripts_dir) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:609:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (scripts_dir != NULL && strlen(scripts_dir) >0)
data/libquvi-0.9.3/src/misc/scan_scripts.c:685:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
excl_scripts_dir = (s != NULL && strlen(s) >0)
data/libquvi-0.9.3/src/misc/to_utf8.c:35:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (from != NULL && strlen(from) >0)
data/libquvi-0.9.3/tests/http_metainfo.c:35:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 1);\
data/libquvi-0.9.3/tests/lib/env.c:33:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s == NULL || strlen(s) == 0)
data/libquvi-0.9.3/tests/lib/env.c:68:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (e == NULL || strlen(e) == 0)
data/libquvi-0.9.3/tests/media.c:55:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 1); \
data/libquvi-0.9.3/tests/playlist.c:62:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 0);
data/libquvi-0.9.3/tests/playlist.c:103:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 0);
data/libquvi-0.9.3/tests/playlist.c:117:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 0);
data/libquvi-0.9.3/tests/playlist.c:151:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 0);
data/libquvi-0.9.3/tests/playlist.c:167:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 0);
data/libquvi-0.9.3/tests/scan.c:44:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 0);
data/libquvi-0.9.3/tests/script.c:46:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(s));
data/libquvi-0.9.3/tests/subtitle.c:57:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 1);
data/libquvi-0.9.3/tests/subtitle.c:168:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(quvi_subtitle_export_data(qse)), >, 0);
data/libquvi-0.9.3/tests/subtitle.c:273:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert_cmpint(strlen(s), >, 1);
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 17553 in approximately 0.55 seconds (31748 lines/second)
Physical Source Lines of Code (SLOC) = 9449
Hits@level = [0] 1 [1] 28 [2] 5 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 34 [1+] 33 [2+] 5 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.59826 [1+] 3.49243 [2+] 0.529157 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.