Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/retro-gtk-0.18.1/demos/retro-demo.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-cairo-display-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-cairo-display.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-codes.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-codes.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-iterator-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-iterator.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-iterator.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-type.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller-type.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-controller.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-descriptor.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-descriptor.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-view-controller-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-view-controller.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-view.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core-view.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-core.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-disk-control-callback-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-environment.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-game-info-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-game-info.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-gl-display-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-gl-display.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-glsl-filter-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-glsl-filter.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-gtk.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-input-descriptor-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-input-descriptor.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-input-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-input.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-input.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-key-joypad-mapping.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-key-joypad-mapping.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-keyboard-key-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-keyboard-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-keyboard.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-log.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-log.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-main-loop.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-main-loop.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-memory-type.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-memory-type.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-module-iterator.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-module-iterator.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-module-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-module-query.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-module-query.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-module.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-option-iterator-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-option-iterator.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-option-iterator.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-option-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-option.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-option.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pa-player-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pa-player.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixbuf.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixbuf.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixdata-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixdata.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixdata.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixel-format-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-pixel-format.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-rotation-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-rumble-effect.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-rumble-effect.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-system-av-info-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-system-info-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-variable-private.h
Examining data/retro-gtk-0.18.1/retro-gtk/retro-video-filter.c
Examining data/retro-gtk-0.18.1/retro-gtk/retro-video-filter.h
Examining data/retro-gtk-0.18.1/tests/libretro.h
Examining data/retro-gtk-0.18.1/tests/retro-dummy.c
Examining data/retro-gtk-0.18.1/tests/retro-reftest-file.c
Examining data/retro-gtk-0.18.1/tests/retro-reftest-file.h
Examining data/retro-gtk-0.18.1/tests/retro-reftest.c
Examining data/retro-gtk-0.18.1/tests/retro-test-controller.c
Examining data/retro-gtk-0.18.1/tests/retro-test-controller.h
Examining data/retro-gtk-0.18.1/tests/test-core.c
FINAL RESULTS:
data/retro-gtk-0.18.1/retro-gtk/retro-core.c:1899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (memory_region, data, size);
data/retro-gtk-0.18.1/tests/libretro.h:1067:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
retro_vfs_open_t open;
data/retro-gtk-0.18.1/tests/libretro.h:1072:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retro_vfs_read_t read;
data/retro-gtk-0.18.1/tests/retro-reftest-file.c:300:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining = string + strlen ("Joypad ");
data/retro-gtk-0.18.1/tests/retro-reftest-file.c:537:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frame_number_string = groups[i] + strlen (RETRO_REFTEST_FILE_FRAME_GROUP_PREFIX);
data/retro-gtk-0.18.1/tests/retro-reftest-file.c:654:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
controller_number_string = *key_i + strlen (RETRO_REFTEST_FILE_FRAME_CONTROLLER_PREFIX);
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 16471 in approximately 0.37 seconds (44646 lines/second)
Physical Source Lines of Code (SLOC) = 10437
Hits@level = [0] 1 [1] 4 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 7 [1+] 6 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.670691 [1+] 0.574878 [2+] 0.191626 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.