Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fcitx-anthy-0.2.3/src/action.cpp
Examining data/fcitx-anthy-0.2.3/src/action.h
Examining data/fcitx-anthy-0.2.3/src/common.h
Examining data/fcitx-anthy-0.2.3/src/conversion.cpp
Examining data/fcitx-anthy-0.2.3/src/conversion.h
Examining data/fcitx-anthy-0.2.3/src/default_tables.cpp
Examining data/fcitx-anthy-0.2.3/src/default_tables.h
Examining data/fcitx-anthy-0.2.3/src/factory.cpp
Examining data/fcitx-anthy-0.2.3/src/factory.h
Examining data/fcitx-anthy-0.2.3/src/imengine.cpp
Examining data/fcitx-anthy-0.2.3/src/imengine.h
Examining data/fcitx-anthy-0.2.3/src/kana.cpp
Examining data/fcitx-anthy-0.2.3/src/kana.h
Examining data/fcitx-anthy-0.2.3/src/key2kana.cpp
Examining data/fcitx-anthy-0.2.3/src/key2kana.h
Examining data/fcitx-anthy-0.2.3/src/key2kana_base.h
Examining data/fcitx-anthy-0.2.3/src/key2kana_table.cpp
Examining data/fcitx-anthy-0.2.3/src/key2kana_table.h
Examining data/fcitx-anthy-0.2.3/src/nicola.cpp
Examining data/fcitx-anthy-0.2.3/src/nicola.h
Examining data/fcitx-anthy-0.2.3/src/preedit.cpp
Examining data/fcitx-anthy-0.2.3/src/preedit.h
Examining data/fcitx-anthy-0.2.3/src/reading.cpp
Examining data/fcitx-anthy-0.2.3/src/reading.h
Examining data/fcitx-anthy-0.2.3/src/style_file.cpp
Examining data/fcitx-anthy-0.2.3/src/style_file.h
Examining data/fcitx-anthy-0.2.3/src/utils.cpp
Examining data/fcitx-anthy-0.2.3/src/utils.h

FINAL RESULTS:

data/fcitx-anthy-0.2.3/src/conversion.cpp:389:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[len + 1];
data/fcitx-anthy-0.2.3/src/conversion.cpp:552:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[len + 1];
data/fcitx-anthy-0.2.3/src/conversion.cpp:600:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[len + 1];
data/fcitx-anthy-0.2.3/src/conversion.cpp:823:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[len + 1];
data/fcitx-anthy-0.2.3/src/imengine.cpp:508:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/fcitx-anthy-0.2.3/src/imengine.cpp:509:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, _("(%d / %d)"), m_cursor_pos + 1,
data/fcitx-anthy-0.2.3/src/style_file.cpp:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAX_LINE_LENGTH];
data/fcitx-anthy-0.2.3/src/utils.cpp:83:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cc[2];
data/fcitx-anthy-0.2.3/src/utils.cpp:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char raw[2];
data/fcitx-anthy-0.2.3/src/utils.cpp:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[len + 1];
data/fcitx-anthy-0.2.3/src/utils.cpp:71:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start = end + strlen (delim);
data/fcitx-anthy-0.2.3/src/utils.cpp:245:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int len = strlen (command);
data/fcitx-anthy-0.2.3/src/utils.cpp:247:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (tmp, command, len);

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 10702 in approximately 0.26 seconds (41238 lines/second)
Physical Source Lines of Code (SLOC) = 8285
Hits@level = [0]   0 [1]   3 [2]  10 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  13 [1+]  13 [2+]  10 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.5691 [1+] 1.5691 [2+] 1.207 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.