Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c
Examining data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.h
Examining data/parlatype-2.0/libparlatype/src/pt-i18n.c
Examining data/parlatype-2.0/libparlatype/src/pt-i18n.h
Examining data/parlatype-2.0/libparlatype/src/pt-player.c
Examining data/parlatype-2.0/libparlatype/src/pt-player.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveloader.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveloader.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-cursor.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-cursor.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-focus.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-focus.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-ruler.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-ruler.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-selection.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-selection.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-waveform.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer-waveform.h
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer.c
Examining data/parlatype-2.0/libparlatype/src/pt-waveviewer.h
Examining data/parlatype-2.0/libparlatype/tests/player.c
Examining data/parlatype-2.0/libparlatype/tests/waveloader.c
Examining data/parlatype-2.0/libparlatype/tests/waveviewer.c
Examining data/parlatype-2.0/src/main.c
Examining data/parlatype-2.0/src/pt-app.c
Examining data/parlatype-2.0/src/pt-app.h
Examining data/parlatype-2.0/src/pt-asr-assistant-helpers.c
Examining data/parlatype-2.0/src/pt-asr-assistant-helpers.h
Examining data/parlatype-2.0/src/pt-asr-assistant.c
Examining data/parlatype-2.0/src/pt-asr-assistant.h
Examining data/parlatype-2.0/src/pt-asr-output.c
Examining data/parlatype-2.0/src/pt-asr-output.h
Examining data/parlatype-2.0/src/pt-asr-settings.c
Examining data/parlatype-2.0/src/pt-asr-settings.h
Examining data/parlatype-2.0/src/pt-controller.c
Examining data/parlatype-2.0/src/pt-controller.h
Examining data/parlatype-2.0/src/pt-dbus-service.c
Examining data/parlatype-2.0/src/pt-dbus-service.h
Examining data/parlatype-2.0/src/pt-goto-dialog.c
Examining data/parlatype-2.0/src/pt-goto-dialog.h
Examining data/parlatype-2.0/src/pt-mediakeys.c
Examining data/parlatype-2.0/src/pt-mediakeys.h
Examining data/parlatype-2.0/src/pt-preferences.c
Examining data/parlatype-2.0/src/pt-preferences.h
Examining data/parlatype-2.0/src/pt-window-dnd.c
Examining data/parlatype-2.0/src/pt-window-dnd.h
Examining data/parlatype-2.0/src/pt-window-private.h
Examining data/parlatype-2.0/src/pt-window.c
Examining data/parlatype-2.0/src/pt-window.h
FINAL RESULTS:
data/parlatype-2.0/src/pt-goto-dialog.c:49:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
args = sscanf (time_string, C_("long time format", "%d:%02d:%02d"), &hour, &min, &sec);
data/parlatype-2.0/src/pt-app.c:102:15: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home_path = g_get_home_dir ();
data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:740:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uttid[16];
data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:742:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uttid, "%09u", ps->uttno);
data/parlatype-2.0/libparlatype/src/pt-waveloader.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (wl->priv->lowres->data + wl->priv->lowres_index * sizeof (float), &vmin, sizeof (float));
data/parlatype-2.0/libparlatype/src/pt-waveloader.c:187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (wl->priv->lowres->data + wl->priv->lowres_index * sizeof (float), &vmax, sizeof (float));
data/parlatype-2.0/libparlatype/src/pt-waveloader.c:634:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (wl->priv->lowres->data + index_out * sizeof (float), &vmin, sizeof (float));
data/parlatype-2.0/libparlatype/src/pt-waveloader.c:636:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (wl->priv->lowres->data + index_out * sizeof (float), &vmax, sizeof (float));
data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:700:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hyp && strlen(hyp) > 0) {
data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:732:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = gst_buffer_new_and_alloc(strlen(hyp) + 1);
data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:733:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gst_buffer_fill(buffer, 0, hyp, strlen(hyp));
data/parlatype-2.0/libparlatype/gst-plugin-sphinx/gstparlasphinx.c:734:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gst_buffer_fill(buffer, strlen(hyp), "\n", 1);
data/parlatype-2.0/libparlatype/src/pt-player.c:1603:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmp = g_strdup_printf ("%.*s", (int)strlen (timestamp) -1, timestamp);
data/parlatype-2.0/libparlatype/src/pt-player.c:1635:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (split[3]) == 1)
data/parlatype-2.0/libparlatype/src/pt-player.c:1645:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (split[2]) == 1)
data/parlatype-2.0/libparlatype/tests/player.c:208:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gchar *getchar;
data/parlatype-2.0/libparlatype/tests/player.c:211:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_assert_cmpstr (getchar, ==, fixture->testuri);
data/parlatype-2.0/libparlatype/tests/player.c:212:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_free (getchar);
data/parlatype-2.0/libparlatype/tests/player.c:215:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_assert_cmpstr (getchar, ==, "tick-10sec.ogg");
data/parlatype-2.0/libparlatype/tests/player.c:216:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_free (getchar);
data/parlatype-2.0/src/pt-asr-output.c:337:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
self->priv->offset, string, strlen (string), NULL);
data/parlatype-2.0/src/pt-asr-output.c:340:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_insert (self->priv->textbuffer, &iter, string, strlen (string));
data/parlatype-2.0/src/pt-asr-output.c:366:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (string_with_space), NULL);
data/parlatype-2.0/src/pt-asr-output.c:369:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_insert (self->priv->textbuffer, &iter, string_with_space, strlen (string_with_space));
data/parlatype-2.0/src/pt-goto-dialog.c:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen (time_string);
ANALYSIS SUMMARY:
Hits = 25
Lines analyzed = 15556 in approximately 0.38 seconds (40826 lines/second)
Physical Source Lines of Code (SLOC) = 10639
Hits@level = [0] 0 [1] 17 [2] 6 [3] 1 [4] 1 [5] 0
Hits@level+ = [0+] 25 [1+] 25 [2+] 8 [3+] 2 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.34984 [1+] 2.34984 [2+] 0.75195 [3+] 0.187988 [4+] 0.0939938 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.