Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c
Examining data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.h
Examining data/parlatype-2.0/libparlatype/src/pt-i18n.c
Examining data/parlatype-2.0/libparlatype/src/pt-i18n.h
Examining data/parlatype-2.0/libparlatype/src/pt-player.c
Examining data/parlatype-2.0/libparlatype/src/pt-player.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveloader.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveloader.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-cursor.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-cursor.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-focus.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-focus.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-ruler.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-ruler.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-selection.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-selection.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-waveform.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-waveform.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer.h
Examining data/parlatype-2.0/libparlatype/tests/player.c
Examining data/parlatype-2.0/libparlatype/tests/waveloader.c
Examining data/parlatype-2.0/libparlatype/tests/waveviewer.c
Examining data/parlatype-2.0/src/main.c
Examining data/parlatype-2.0/src/pt-app.c
Examining data/parlatype-2.0/src/pt-app.h
Examining data/parlatype-2.0/src/pt-asr-assistant-helpers.c
Examining data/parlatype-2.0/src/pt-asr-assistant-helpers.h
Examining data/parlatype-2.0/src/pt-asr-assistant.c
Examining data/parlatype-2.0/src/pt-asr-assistant.h
Examining data/parlatype-2.0/src/pt-asr-output.c
Examining data/parlatype-2.0/src/pt-asr-output.h
Examining data/parlatype-2.0/src/pt-asr-settings.c
Examining data/parlatype-2.0/src/pt-asr-settings.h
Examining data/parlatype-2.0/src/pt-controller.c
Examining data/parlatype-2.0/src/pt-controller.h
Examining data/parlatype-2.0/src/pt-dbus-service.c
Examining data/parlatype-2.0/src/pt-dbus-service.h
Examining data/parlatype-2.0/src/pt-goto-dialog.c
Examining data/parlatype-2.0/src/pt-goto-dialog.h
Examining data/parlatype-2.0/src/pt-mediakeys.c
Examining data/parlatype-2.0/src/pt-mediakeys.h
Examining data/parlatype-2.0/src/pt-preferences.c
Examining data/parlatype-2.0/src/pt-preferences.h
Examining data/parlatype-2.0/src/pt-window-dnd.c
Examining data/parlatype-2.0/src/pt-window-dnd.h
Examining data/parlatype-2.0/src/pt-window-private.h
Examining data/parlatype-2.0/src/pt-window.c
Examining data/parlatype-2.0/src/pt-window.h

FINAL RESULTS:

data/parlatype-2.0/src/pt-goto-dialog.c:49:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  args = sscanf (time_string, C_("long time format", "%d:%02d:%02d"), &hour, &min, &sec);

data/parlatype-2.0/src/pt-app.c:102:15:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  home_path = g_get_home_dir ();

data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:740:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char uttid[16];

data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:742:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(uttid, "%09u", ps->uttno);

data/parlatype-2.0/libparlatype/src/pt-waveloader.c:185:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (wl->priv->lowres->data + wl->priv->lowres_index * sizeof (float), &vmin, sizeof (float));

data/parlatype-2.0/libparlatype/src/pt-waveloader.c:187:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (wl->priv->lowres->data + wl->priv->lowres_index * sizeof (float), &vmax, sizeof (float));

data/parlatype-2.0/libparlatype/src/pt-waveloader.c:634:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (wl->priv->lowres->data + index_out * sizeof (float), &vmin, sizeof (float));

data/parlatype-2.0/libparlatype/src/pt-waveloader.c:636:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (wl->priv->lowres->data + index_out * sizeof (float), &vmax, sizeof (float));

data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:700:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (hyp && strlen(hyp) > 0) {

data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:732:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = gst_buffer_new_and_alloc(strlen(hyp) + 1);

data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:733:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gst_buffer_fill(buffer, 0, hyp, strlen(hyp));

data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:734:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gst_buffer_fill(buffer, strlen(hyp), "\n", 1);

data/parlatype-2.0/libparlatype/src/pt-player.c:1603:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmp = g_strdup_printf ("%.*s", (int)strlen (timestamp) -1, timestamp);

data/parlatype-2.0/libparlatype/src/pt-player.c:1635:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (split[3]) == 1)

data/parlatype-2.0/libparlatype/src/pt-player.c:1645:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (split[2]) == 1)

data/parlatype-2.0/libparlatype/tests/player.c:208:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  gchar *getchar;

data/parlatype-2.0/libparlatype/tests/player.c:211:19:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  g_assert_cmpstr (getchar, ==, fixture->testuri);

data/parlatype-2.0/libparlatype/tests/player.c:212:10:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  g_free (getchar);

data/parlatype-2.0/libparlatype/tests/player.c:215:19:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  g_assert_cmpstr (getchar, ==, "tick-10sec.ogg");

data/parlatype-2.0/libparlatype/tests/player.c:216:10:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  g_free (getchar);

data/parlatype-2.0/src/pt-asr-output.c:337:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  self->priv->offset, string, strlen (string), NULL);

data/parlatype-2.0/src/pt-asr-output.c:340:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert (self->priv->textbuffer, &iter, string, strlen (string));

data/parlatype-2.0/src/pt-asr-output.c:366:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (string_with_space), NULL);

data/parlatype-2.0/src/pt-asr-output.c:369:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert (self->priv->textbuffer, &iter, string_with_space, strlen (string_with_space));

data/parlatype-2.0/src/pt-goto-dialog.c:168:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width = strlen (time_string);

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 15556 in approximately 0.38 seconds (40826 lines/second)
Physical Source Lines of Code (SLOC) = 10639
Hits@level = [0]   0 [1]  17 [2]   6 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]  25 [1+]  25 [2+]   8 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 2.34984 [1+] 2.34984 [2+] 0.75195 [3+] 0.187988 [4+] 0.0939938 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
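Triage note and added example (this is not Parlatype's code and not part of the Flawfinder report). The level-4 hit at pt-goto-dialog.c:49 fires on the sscanf name; the format shown contains only %d conversions, so the %s overflow the message describes does not apply as written. Two caveats do remain: the format comes from C_(), i.e. a translation catalog, so it is only as trustworthy as the installed .mo files; and %d accepts a sign and an unbounded run of digits, while %02d caps minutes and seconds at two characters without range-checking them. The level-1 getchar hits in tests/player.c are a name match on a local variable (gchar *getchar;), not a call of the libc function. The C below does two things: count_safe_int_conversions() validates a translated format so that only %% and %[width]d survive, for callers that keep sscanf, and parse_long_time() replaces the call with a bounded parser that needs no format string at all. It accepts exactly the H:MM:SS shape of the original, assumes hours fit in six digits (an assumption, not a project limit), and the sample inputs in main() are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not Parlatype code: hardened handling for the input parsed
 * at pt-goto-dialog.c:49 (sscanf with a translatable "%d:%02d:%02d" format). */

/* Gate for callers that keep sscanf with a translated format: accept only
 * "%%" and "%[width]d", so a bad or hostile catalog cannot introduce %s, %n,
 * %[ or anything else. Returns the number of %d conversions, or -1 on reject. */
int count_safe_int_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                        /* character after '%' */
        if (*p == '%')
            continue;               /* literal percent sign */
        while (*p >= '0' && *p <= '9')
            p++;                    /* optional field width */
        if (*p != 'd')
            return -1;              /* any other conversion, or end of string */
        n++;
    }
    return n;
}

/* Read 1..max_digits decimal digits (no sign, no whitespace) not exceeding
 * max_value. Bounding the digit count keeps the accumulator from overflowing,
 * which sscanf's %d does not guarantee. Returns 1 on success, 0 on failure. */
static int read_bounded_uint(const char *s, size_t max_digits, long max_value,
                             long *value, size_t *consumed)
{
    size_t n = 0;
    long v = 0;
    while (s[n] >= '0' && s[n] <= '9') {
        if (n == max_digits)
            return 0;               /* too many digits */
        v = v * 10 + (s[n] - '0');
        n++;
    }
    if (n == 0 || v > max_value)
        return 0;
    *value = v;
    *consumed = n;
    return 1;
}

/* Format-string-free replacement for the flagged call. Accepts exactly
 * "H:MM:SS": hours 1..6 digits (assumed bound), minutes and seconds 1..2
 * digits in 0..59. Rejects signs, overlong fields, out-of-range values and
 * trailing characters. Returns 3 (the count sscanf would return) or 0. */
int parse_long_time(const char *time_string, int *hour, int *min, int *sec)
{
    long h, m, s;
    size_t used;
    const char *p = time_string;

    if (p == NULL)
        return 0;
    if (!read_bounded_uint(p, 6, 999999, &h, &used))
        return 0;
    p += used;
    if (*p++ != ':')
        return 0;
    if (!read_bounded_uint(p, 2, 59, &m, &used))
        return 0;
    p += used;
    if (*p++ != ':')
        return 0;
    if (!read_bounded_uint(p, 2, 59, &s, &used))
        return 0;
    p += used;
    if (*p != '\0')
        return 0;                   /* trailing junk */
    *hour = (int)h;
    *min = (int)m;
    *sec = (int)s;
    return 3;
}

/* Convenience wrapper: total seconds, or -1 if the string is rejected. */
long parse_long_time_seconds(const char *time_string)
{
    int h, m, s;
    if (parse_long_time(time_string, &h, &m, &s) != 3)
        return -1;
    return (long)h * 3600 + m * 60 + s;
}

int main(void)
{
    /* Constructed samples: valid, lenient-but-safe, and rejected inputs. */
    const char *samples[] = { "12:34:56", "1:2:3", "1:60:00", "-1:00:00",
                              "1:00:00x", "1234567:00:00", "1:00" };
    const char *formats[] = { "%d:%02d:%02d", "%d:%s", "%d%%", "%" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %ld\n", samples[i], parse_long_time_seconds(samples[i]));
    for (i = 0; i < sizeof formats / sizeof formats[0]; i++)
        printf("format %-14s -> %d\n", formats[i], count_safe_int_conversions(formats[i]));
    return 0;
}
```

The parser keeps sscanf's leniency on single-digit minutes and seconds ("1:2:3" is accepted) but nothing else: a negative field, a 60-minute value, a seventh hour digit or a trailing character all return 0, which is exactly the state the original code could not distinguish from a successful read.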