Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pygobject-3.38.0/gi/gimodule.c
Examining data/pygobject-3.38.0/gi/gimodule.h
Examining data/pygobject-3.38.0/gi/pygboxed.c
Examining data/pygobject-3.38.0/gi/pygboxed.h
Examining data/pygobject-3.38.0/gi/pygenum.c
Examining data/pygobject-3.38.0/gi/pygenum.h
Examining data/pygobject-3.38.0/gi/pygflags.c
Examining data/pygobject-3.38.0/gi/pygflags.h
Examining data/pygobject-3.38.0/gi/pygi-argument.c
Examining data/pygobject-3.38.0/gi/pygi-argument.h
Examining data/pygobject-3.38.0/gi/pygi-array.c
Examining data/pygobject-3.38.0/gi/pygi-array.h
Examining data/pygobject-3.38.0/gi/pygi-basictype.c
Examining data/pygobject-3.38.0/gi/pygi-basictype.h
Examining data/pygobject-3.38.0/gi/pygi-boxed.c
Examining data/pygobject-3.38.0/gi/pygi-boxed.h
Examining data/pygobject-3.38.0/gi/pygi-cache.c
Examining data/pygobject-3.38.0/gi/pygi-cache.h
Examining data/pygobject-3.38.0/gi/pygi-ccallback.c
Examining data/pygobject-3.38.0/gi/pygi-ccallback.h
Examining data/pygobject-3.38.0/gi/pygi-closure.c
Examining data/pygobject-3.38.0/gi/pygi-closure.h
Examining data/pygobject-3.38.0/gi/pygi-enum-marshal.c
Examining data/pygobject-3.38.0/gi/pygi-enum-marshal.h
Examining data/pygobject-3.38.0/gi/pygi-error.c
Examining data/pygobject-3.38.0/gi/pygi-error.h
Examining data/pygobject-3.38.0/gi/pygi-foreign-api.h
Examining data/pygobject-3.38.0/gi/pygi-foreign-cairo.c
Examining data/pygobject-3.38.0/gi/pygi-foreign.c
Examining data/pygobject-3.38.0/gi/pygi-foreign.h
Examining data/pygobject-3.38.0/gi/pygi-hashtable.c
Examining data/pygobject-3.38.0/gi/pygi-hashtable.h
Examining data/pygobject-3.38.0/gi/pygi-info.c
Examining data/pygobject-3.38.0/gi/pygi-info.h
Examining data/pygobject-3.38.0/gi/pygi-invoke-state-struct.h
Examining data/pygobject-3.38.0/gi/pygi-invoke.c
Examining data/pygobject-3.38.0/gi/pygi-invoke.h
Examining data/pygobject-3.38.0/gi/pygi-list.c
Examining data/pygobject-3.38.0/gi/pygi-list.h
Examining data/pygobject-3.38.0/gi/pygi-marshal-cleanup.c
Examining data/pygobject-3.38.0/gi/pygi-marshal-cleanup.h
Examining data/pygobject-3.38.0/gi/pygi-object.c
Examining data/pygobject-3.38.0/gi/pygi-object.h
Examining data/pygobject-3.38.0/gi/pygi-property.c
Examining data/pygobject-3.38.0/gi/pygi-property.h
Examining data/pygobject-3.38.0/gi/pygi-repository.c
Examining data/pygobject-3.38.0/gi/pygi-repository.h
Examining data/pygobject-3.38.0/gi/pygi-resulttuple.c
Examining data/pygobject-3.38.0/gi/pygi-resulttuple.h
Examining data/pygobject-3.38.0/gi/pygi-signal-closure.c
Examining data/pygobject-3.38.0/gi/pygi-signal-closure.h
Examining data/pygobject-3.38.0/gi/pygi-source.c
Examining data/pygobject-3.38.0/gi/pygi-source.h
Examining data/pygobject-3.38.0/gi/pygi-struct-marshal.c
Examining data/pygobject-3.38.0/gi/pygi-struct-marshal.h
Examining data/pygobject-3.38.0/gi/pygi-struct.c
Examining data/pygobject-3.38.0/gi/pygi-struct.h
Examining data/pygobject-3.38.0/gi/pygi-type.c
Examining data/pygobject-3.38.0/gi/pygi-type.h
Examining data/pygobject-3.38.0/gi/pygi-util.c
Examining data/pygobject-3.38.0/gi/pygi-util.h
Examining data/pygobject-3.38.0/gi/pygi-value.c
Examining data/pygobject-3.38.0/gi/pygi-value.h
Examining data/pygobject-3.38.0/gi/pyginterface.c
Examining data/pygobject-3.38.0/gi/pyginterface.h
Examining data/pygobject-3.38.0/gi/pygobject-internal.h
Examining data/pygobject-3.38.0/gi/pygobject-object.c
Examining data/pygobject-3.38.0/gi/pygobject-object.h
Examining data/pygobject-3.38.0/gi/pygobject.h
Examining data/pygobject-3.38.0/gi/pygoptioncontext.c
Examining data/pygobject-3.38.0/gi/pygoptioncontext.h
Examining data/pygobject-3.38.0/gi/pygoptiongroup.c
Examining data/pygobject-3.38.0/gi/pygoptiongroup.h
Examining data/pygobject-3.38.0/gi/pygparamspec.c
Examining data/pygobject-3.38.0/gi/pygparamspec.h
Examining data/pygobject-3.38.0/gi/pygpointer.c
Examining data/pygobject-3.38.0/gi/pygpointer.h
Examining data/pygobject-3.38.0/gi/pygspawn.c
Examining data/pygobject-3.38.0/gi/pygspawn.h
Examining data/pygobject-3.38.0/tests/gimarshallingtestsextra.c
Examining data/pygobject-3.38.0/tests/gimarshallingtestsextra.h
Examining data/pygobject-3.38.0/tests/regressextra.c
Examining data/pygobject-3.38.0/tests/regressextra.h
Examining data/pygobject-3.38.0/tests/test-floating.c
Examining data/pygobject-3.38.0/tests/test-floating.h
Examining data/pygobject-3.38.0/tests/test-thread.c
Examining data/pygobject-3.38.0/tests/test-thread.h
Examining data/pygobject-3.38.0/tests/test-unknown.c
Examining data/pygobject-3.38.0/tests/test-unknown.h
Examining data/pygobject-3.38.0/tests/testhelpermodule.c

FINAL RESULTS:

data/pygobject-3.38.0/gi/pygenum.c:107:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tmp, "<enum %s of type %s.%s>", value,
data/pygobject-3.38.0/gi/pygenum.c:110:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tmp, "<enum %ld of type %s.%s>", PyLong_AS_LONG ((PyObject*)self),
data/pygobject-3.38.0/gi/gimodule.c:397:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/pygobject-3.38.0/gi/gimodule.c:630:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[256];
data/pygobject-3.38.0/gi/gimodule.c:1210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name_serial_str[16];
data/pygobject-3.38.0/gi/pygenum.c:52:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char warning[256];
data/pygobject-3.38.0/gi/pygenum.c:77:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char tmp[256];
data/pygobject-3.38.0/gi/pygflags.c:52:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char warning[256];
data/pygobject-3.38.0/gi/pygi-argument.c:393:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(array->data, PyBytes_AsString (object), length);
data/pygobject-3.38.0/gi/pygi-argument.c:760:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&item, array->data + i * item_size, item_size);
data/pygobject-3.38.0/gi/pygi-argument.c:1062:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&item, array->data + (g_array_get_element_size (array) * i), sizeof (GIArgument));
data/pygobject-3.38.0/gi/pygi-array.c:267:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (array_->data, data, length);
data/pygobject-3.38.0/gi/pygi-array.c:638:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (_struct, array_->data + i * item_size,
data/pygobject-3.38.0/gi/pygi-array.c:646:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&item_arg, array_->data + i * item_size, item_size);
data/pygobject-3.38.0/gi/pygi-array.c:653:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&item_arg, array_->data + i * item_size, item_size);
data/pygobject-3.38.0/gi/pygi-closure.c:184:24:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (out_arg, arg->v_pointer, item_size);
data/pygobject-3.38.0/gi/pygi-type.c:185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[80];
data/pygobject-3.38.0/gi/pygparamspec.c:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[80];
data/pygobject-3.38.0/gi/pygi-array.c:549:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (arg->v_pointer);
data/pygobject-3.38.0/gi/pygi-basictype.c:1148:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  py_obj = PyUnicode_DecodeUTF8 (value, strlen(value),
data/pygobject-3.38.0/gi/pygi-repository.c:152:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/pygobject-3.38.0/gi/pygi-util.c:107:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix_len = strlen(strip_prefix);
data/pygobject-3.38.0/tests/gimarshallingtestsextra.c:94:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(path_in);

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 30618 in approximately 0.67 seconds (45435 lines/second)
Physical Source Lines of Code (SLOC) = 22165
Hits@level = [0]   0 [1]   5 [2]  16 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  23 [1+]  23 [2+]  18 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 1.03767 [1+] 1.03767 [2+] 0.812091 [3+] 0.0902323 [4+] 0.0902323 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.