Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gmetadom-0.2.6/src/gdome_caml/include/mlgdomevalue.h
Examining data/gmetadom-0.2.6/src/gdome_caml/events/ml_EventTarget.c
Examining data/gmetadom-0.2.6/src/gdome_caml/events/ml_MutationEvent.c
Examining data/gmetadom-0.2.6/src/gdome_caml/events/ml_EventListener.c
Examining data/gmetadom-0.2.6/src/gdome_caml/events/ml_Event.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_EntityReference.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Text.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Element.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Document.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_DocumentFragment.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_NamedNodeMap.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Notation.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_CDATASection.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_CharacterData.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Entity.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_DocumentType.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_NodeList.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_ProcessingInstruction.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Node.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Attr.c
Examining data/gmetadom-0.2.6/src/gdome_caml/core/ml_Comment.c
Examining data/gmetadom-0.2.6/src/gdome_caml/ml_DOMImplementation.c
Examining data/gmetadom-0.2.6/src/gdome_caml/basic/ml_misc.c
Examining data/gmetadom-0.2.6/src/gdome_caml/basic/ml_DOMString.c
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/test/main.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/test/basic.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/test/deep.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/events/GdomeSmartDOMHelper.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/events/GdomeSmartDOMMutationEvent.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/events/GdomeSmartDOMEventTarget.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/events/GdomeSmartDOMEvent.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMNamedNodeMap.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMDocumentType.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMAttr.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMDocument.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMNodeList.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMNode.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMCDATASection.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMText.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMElement.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMEntityReference.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMDocumentFragment.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMEntity.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMNotation.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMCharacterData.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMProcessingInstruction.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/core/GdomeSmartDOMComment.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMDOMException.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc
Examining data/gmetadom-0.2.6/src/gdome_cpp_smart/GdomeSmartDOMDOMImplementation.cc

FINAL RESULTS:

data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:79:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[128];
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(inbuf, source, inBytesLeft);
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:107:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(res, buffer, n);
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:111:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newRes, res, nConv);
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:112:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newRes + nConv, buffer, n);
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:240:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, s.data(), s.length());
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:255:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, destBuffer, length);
data/gmetadom-0.2.6/src/gdome_cpp_smart/basic/GdomeSmartDOMGdomeString.cc:271:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, destBuffer, length);
data/gmetadom-0.2.6/src/gdome_cpp_smart/test/deep.cc:83:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    doTest(atoi(argv[1]), argv[2]);
data/gmetadom-0.2.6/src/gdome_cpp_smart/test/main.cc:170:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    for (int i = 0; i < atoi(argv[1]); i++) doTest(argc - 2, argv + 2);

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 7638 in approximately 0.33 seconds (22800 lines/second)
Physical Source Lines of Code (SLOC) = 4931
Hits@level = [0] 0 [1] 0 [2] 10 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 10 [1+] 10 [2+] 10 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.02799 [1+] 2.02799 [2+] 2.02799 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.