Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/template-glib-3.34.0/examples/simple.c
Examining data/template-glib-3.34.0/src/main.c
Examining data/template-glib-3.34.0/src/tmpl-branch-node.c
Examining data/template-glib-3.34.0/src/tmpl-branch-node.h
Examining data/template-glib-3.34.0/src/tmpl-condition-node.c
Examining data/template-glib-3.34.0/src/tmpl-condition-node.h
Examining data/template-glib-3.34.0/src/tmpl-error.c
Examining data/template-glib-3.34.0/src/tmpl-error.h
Examining data/template-glib-3.34.0/src/tmpl-expr-eval.c
Examining data/template-glib-3.34.0/src/tmpl-expr-node.c
Examining data/template-glib-3.34.0/src/tmpl-expr-node.h
Examining data/template-glib-3.34.0/src/tmpl-expr-parser-private.h
Examining data/template-glib-3.34.0/src/tmpl-expr-private.h
Examining data/template-glib-3.34.0/src/tmpl-expr-types.h
Examining data/template-glib-3.34.0/src/tmpl-expr.c
Examining data/template-glib-3.34.0/src/tmpl-expr.h
Examining data/template-glib-3.34.0/src/tmpl-gi-private.h
Examining data/template-glib-3.34.0/src/tmpl-gi.c
Examining data/template-glib-3.34.0/src/tmpl-glib.h
Examining data/template-glib-3.34.0/src/tmpl-iter-node.c
Examining data/template-glib-3.34.0/src/tmpl-iter-node.h
Examining data/template-glib-3.34.0/src/tmpl-iterator.c
Examining data/template-glib-3.34.0/src/tmpl-iterator.h
Examining data/template-glib-3.34.0/src/tmpl-lexer.c
Examining data/template-glib-3.34.0/src/tmpl-lexer.h
Examining data/template-glib-3.34.0/src/tmpl-node.c
Examining data/template-glib-3.34.0/src/tmpl-node.h
Examining data/template-glib-3.34.0/src/tmpl-parser.c
Examining data/template-glib-3.34.0/src/tmpl-parser.h
Examining data/template-glib-3.34.0/src/tmpl-scope.c
Examining data/template-glib-3.34.0/src/tmpl-scope.h
Examining data/template-glib-3.34.0/src/tmpl-symbol.c
Examining data/template-glib-3.34.0/src/tmpl-symbol.h
Examining data/template-glib-3.34.0/src/tmpl-template-locator.c
Examining data/template-glib-3.34.0/src/tmpl-template-locator.h
Examining data/template-glib-3.34.0/src/tmpl-template.c
Examining data/template-glib-3.34.0/src/tmpl-template.h
Examining data/template-glib-3.34.0/src/tmpl-text-node.c
Examining data/template-glib-3.34.0/src/tmpl-text-node.h
Examining data/template-glib-3.34.0/src/tmpl-token-input-stream.c
Examining data/template-glib-3.34.0/src/tmpl-token-input-stream.h
Examining data/template-glib-3.34.0/src/tmpl-token.c
Examining data/template-glib-3.34.0/src/tmpl-token.h
Examining data/template-glib-3.34.0/src/tmpl-util-private.h
Examining data/template-glib-3.34.0/src/tmpl-util.c
Examining data/template-glib-3.34.0/src/tmpl-version-macros.h
FINAL RESULTS:
data/template-glib-3.34.0/src/tmpl-expr-eval.c:744:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_value_set_uint (return_value, strlen (str));
data/template-glib-3.34.0/src/tmpl-expr-eval.c:762:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint len = strlen (str);
data/template-glib-3.34.0/src/tmpl-template-locator.c:63:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = g_resources_open_stream (full_path + strlen ("resource://"), 0, NULL);
data/template-glib-3.34.0/src/tmpl-template.c:239:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stream = g_memory_input_stream_new_from_data (g_strdup (str), strlen (str), g_free);
ANALYSIS SUMMARY:
Hits = 4
Lines analyzed = 8332 in approximately 0.20 seconds (41198 lines/second)
Physical Source Lines of Code (SLOC) = 5637
Hits@level = [0] 2 [1] 4 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 4 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.0644 [1+] 0.709597 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.