stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pyqt5-sip-12.8.1/voidptr.c
Examining data/pyqt5-sip-12.8.1/objmap.c
Examining data/pyqt5-sip-12.8.1/array.c
Examining data/pyqt5-sip-12.8.1/int_convertors.c
Examining data/pyqt5-sip-12.8.1/sip.h
Examining data/pyqt5-sip-12.8.1/apiversions.c
Examining data/pyqt5-sip-12.8.1/siplib.c
Examining data/pyqt5-sip-12.8.1/array.h
Examining data/pyqt5-sip-12.8.1/descriptors.c
Examining data/pyqt5-sip-12.8.1/qtlib.c
Examining data/pyqt5-sip-12.8.1/bool.cpp
Examining data/pyqt5-sip-12.8.1/threads.c
Examining data/pyqt5-sip-12.8.1/sipint.h

FINAL RESULTS:

data/pyqt5-sip-12.8.1/apiversions.c:238:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(api_copy, api);
data/pyqt5-sip-12.8.1/qtlib.c:550:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(d,s);
data/pyqt5-sip-12.8.1/qtlib.c:622:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(&sp -> name[1],meth);
data/pyqt5-sip-12.8.1/siplib.c:1266:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, fmt, ap);
data/pyqt5-sip-12.8.1/siplib.c:7716:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/pyqt5-sip-12.8.1/apiversions.c:235:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((api_copy = sip_api_malloc(strlen(api) + 1)) == NULL)
data/pyqt5-sip-12.8.1/qtlib.c:549:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((d = (char *)sip_api_malloc(strlen(s) + 1)) != NULL)
data/pyqt5-sip-12.8.1/qtlib.c:614:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((sp -> name = (char *)sip_api_malloc(strlen(meth) + 2)) == NULL)
data/pyqt5-sip-12.8.1/siplib.c:2240:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((args = PyTuple_New(strlen(fmt))) != NULL && buildObject(args, fmt, va) != NULL)
data/pyqt5-sip-12.8.1/siplib.c:2269:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((args = PyTuple_New(strlen(fmt))) == NULL)
data/pyqt5-sip-12.8.1/siplib.c:2362:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(fmt) == 1)
data/pyqt5-sip-12.8.1/siplib.c:2589:64:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    el = PyUnicode_FromWideChar(s, (Py_ssize_t)wcslen(s));
data/pyqt5-sip-12.8.1/siplib.c:8131:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            w = PyUnicode_DecodeASCII(si->si_val, strlen(si->si_val), NULL);
data/pyqt5-sip-12.8.1/siplib.c:8135:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            w = PyUnicode_DecodeLatin1(si->si_val, strlen(si->si_val), NULL);
data/pyqt5-sip-12.8.1/siplib.c:8156:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    wcslen((const wchar_t *)si->si_val));

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 19431 in approximately 0.37 seconds (52925 lines/second)
Physical Source Lines of Code (SLOC) = 11924
Hits@level = [0]   7 [1]  10 [2]   1 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  22 [1+]  15 [2+]   5 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 1.84502 [1+] 1.25797 [2+] 0.419322 [3+] 0.335458 [4+] 0.335458 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.