Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocaml-ffmpeg-0.4.3/src/avcodec_stubs.c
Examining data/ocaml-ffmpeg-0.4.3/src/avdevice_stubs.c
Examining data/ocaml-ffmpeg-0.4.3/src/avutil_stubs.c
Examining data/ocaml-ffmpeg-0.4.3/src/avutil_stubs.h
Examining data/ocaml-ffmpeg-0.4.3/src/av_stubs.h
Examining data/ocaml-ffmpeg-0.4.3/src/swresample_stubs.h
Examining data/ocaml-ffmpeg-0.4.3/src/avcodec_stubs.h
Examining data/ocaml-ffmpeg-0.4.3/src/av_stubs.c
Examining data/ocaml-ffmpeg-0.4.3/src/swscale_stubs.c
Examining data/ocaml-ffmpeg-0.4.3/src/gen_code_stubs.c
Examining data/ocaml-ffmpeg-0.4.3/src/swresample_stubs.c

FINAL RESULTS:

data/ocaml-ffmpeg-0.4.3/src/avutil_stubs.h:26:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf(ocaml_av_exn_msg, ERROR_MSG_SIZE, __VA_ARGS__); \
data/ocaml-ffmpeg-0.4.3/src/av_stubs.c:314:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf,String_val(buffer),Int_val(res));
data/ocaml-ffmpeg-0.4.3/src/av_stubs.c:333:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(String_val(buffer), buf, buf_size);
data/ocaml-ffmpeg-0.4.3/src/avcodec_stubs.c:196:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((uint8_t*)String_val(ans), packet->data, packet->size);
data/ocaml-ffmpeg-0.4.3/src/avutil_stubs.c:22:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ocaml_av_exn_msg[ERROR_MSG_SIZE + 1];
data/ocaml-ffmpeg-0.4.3/src/avutil_stubs.c:260:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[LINE_SIZE];
data/ocaml-ffmpeg-0.4.3/src/avutil_stubs.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/ocaml-ffmpeg-0.4.3/src/swresample_stubs.c:102:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(swr->in.data[0], (uint8_t*)String_val(*in_vector), str_len);
data/ocaml-ffmpeg-0.4.3/src/swresample_stubs.c:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(swr->in.data[i], (uint8_t*)String_val(str), str_len);
data/ocaml-ffmpeg-0.4.3/src/swresample_stubs.c:262:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(String_val(swr->out_vector), swr->out.data[0], len);
data/ocaml-ffmpeg-0.4.3/src/swresample_stubs.c:289:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(String_val(Field(swr->out_vector, i)), swr->out.data[i], len);
data/ocaml-ffmpeg-0.4.3/src/swscale_stubs.c:237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sws->in.slice[i], (uint8_t*)String_val(str), str_len);
data/ocaml-ffmpeg-0.4.3/src/swscale_stubs.c:338:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((uint8_t*)String_val(str), sws->out.slice[i], sws->out.sizes_tab[i]);

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 5645 in approximately 0.13 seconds (42237 lines/second)
Physical Source Lines of Code (SLOC) = 4132
Hits@level = [0]   0 [1]   0 [2]  12 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  13 [1+]  13 [2+]  13 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 3.14618 [1+] 3.14618 [2+] 3.14618 [3+] 0.242014 [4+] 0.242014 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
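The two kinds of hit above, the level-4 snprintf whose format is whatever the macro's caller passes as __VA_ARGS__, and the twelve level-2 memcpy calls between OCaml strings and FFmpeg buffers with no visible capacity check, both come down to one question Flawfinder cannot answer: is the length or format under the caller's control? The example below is added here to show the checks a reviewer would want at those sites; it is not code from ocaml-ffmpeg or from Flawfinder. It models the flagged patterns in plain C (ERROR_MSG_SIZE, bounded_copy, set_error_message and copy_packet are assumed names; the packet bytes are constructed inline) rather than against the OCaml runtime, so it compiles stand-alone. In the real stubs the destination capacity of an OCaml string is available from caml_string_length, and that is the value to compare against before each memcpy. Note also that the flagged snprintf writes at most ERROR_MSG_SIZE bytes into a buffer declared ERROR_MSG_SIZE + 1, so it does NUL-terminate; the remaining risk at that site is a non-constant format, which is what the "%s" wrapper below removes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes, standing in for the macros in avutil_stubs.h. */
#define ERROR_MSG_SIZE 1024
#define PACKET_BUF_SIZE 16

/* Shared error buffer, shaped like the flagged declaration: one extra
   byte so a message of exactly ERROR_MSG_SIZE characters still has
   room for its terminator. */
static char ocaml_av_exn_msg[ERROR_MSG_SIZE + 1];

/* The check the flagged memcpy sites lack. dst_len is the real capacity
   of dst, src_len the number of bytes to copy. Copies nothing and
   returns false when the destination cannot hold the source (CWE-120). */
bool bounded_copy(uint8_t *dst, size_t dst_len, const uint8_t *src, size_t src_len)
{
    if (dst == NULL || src == NULL) return false;
    if (src_len > dst_len) return false;
    memcpy(dst, src, src_len);
    return true;
}

/* Constant-format error reporting (CWE-134): text from the library or
   the user is always an argument to "%s", never the format itself, so
   "%n" or "%x" inside it is stored literally. The buffer is
   NUL-terminated in every case; returns false if the text was truncated. */
bool set_error_message(const char *text)
{
    int n = snprintf(ocaml_av_exn_msg, sizeof ocaml_av_exn_msg, "%s", text);
    if (n < 0) {                     /* encoding error: leave an empty message */
        ocaml_av_exn_msg[0] = '\0';
        return false;
    }
    return (size_t)n < sizeof ocaml_av_exn_msg;
}

const char *error_message(void)
{
    return ocaml_av_exn_msg;
}

/* Constructed scenario modelled on the av_stubs.c:314 and
   avcodec_stubs.c:196 hits: copy a decoded packet into a caller-owned
   buffer of known capacity. Returns the number of bytes copied, or 0
   (with the error message set) when the packet does not fit. */
size_t copy_packet(uint8_t *out, size_t out_len, const uint8_t *packet, size_t packet_size)
{
    if (!bounded_copy(out, out_len, packet, packet_size)) {
        set_error_message("packet larger than destination buffer");
        return 0;
    }
    return packet_size;
}

int main(void)
{
    uint8_t out[PACKET_BUF_SIZE];
    uint8_t small[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed packet, fits */
    uint8_t big[32];                               /* constructed packet, too large */
    memset(big, 0xAB, sizeof big);

    printf("small packet: %zu bytes copied\n",
           copy_packet(out, sizeof out, small, sizeof small));
    printf("big packet:   %zu bytes copied (%s)\n",
           copy_packet(out, sizeof out, big, sizeof big), error_message());

    /* Directives in the text survive literally instead of being interpreted. */
    set_error_message("decoder said: %s %n %x");
    printf("stored: %s\n", error_message());
    return 0;
}
```

The bounded_copy check is what turns each level-2 hit into a reviewable statement: at the OCaml-to-FFmpeg sites it compares str_len against the capacity FFmpeg allocated for the plane, and at the FFmpeg-to-OCaml sites it compares the plane or packet size against the length of the OCaml string that was allocated to receive it.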