Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/grilo-0.3.13/examples/browsing-pls.c
Examining data/grilo-0.3.13/examples/browsing.c
Examining data/grilo-0.3.13/examples/configuring-plugins.c
Examining data/grilo-0.3.13/examples/efficient-metadata-resolution.c
Examining data/grilo-0.3.13/examples/loading-plugins.c
Examining data/grilo-0.3.13/examples/multivalues.c
Examining data/grilo-0.3.13/examples/searching.c
Examining data/grilo-0.3.13/libs/net/grl-net-mock-private.h
Examining data/grilo-0.3.13/libs/net/grl-net-mock.c
Examining data/grilo-0.3.13/libs/net/grl-net-wc.c
Examining data/grilo-0.3.13/libs/net/grl-net-wc.h
Examining data/grilo-0.3.13/libs/net/grl-net.h
Examining data/grilo-0.3.13/libs/pls/grl-pls.c
Examining data/grilo-0.3.13/libs/pls/grl-pls.h
Examining data/grilo-0.3.13/src/data/grl-config.c
Examining data/grilo-0.3.13/src/data/grl-config.h
Examining data/grilo-0.3.13/src/data/grl-data.c
Examining data/grilo-0.3.13/src/data/grl-data.h
Examining data/grilo-0.3.13/src/data/grl-media.c
Examining data/grilo-0.3.13/src/data/grl-media.h
Examining data/grilo-0.3.13/src/data/grl-related-keys.c
Examining data/grilo-0.3.13/src/data/grl-related-keys.h
Examining data/grilo-0.3.13/src/grilo.c
Examining data/grilo-0.3.13/src/grilo.h
Examining data/grilo-0.3.13/src/grl-caps.c
Examining data/grilo-0.3.13/src/grl-caps.h
Examining data/grilo-0.3.13/src/grl-definitions.h
Examining data/grilo-0.3.13/src/grl-error.h
Examining data/grilo-0.3.13/src/grl-log-priv.h
Examining data/grilo-0.3.13/src/grl-log.c
Examining data/grilo-0.3.13/src/grl-log.h
Examining data/grilo-0.3.13/src/grl-metadata-key-priv.h
Examining data/grilo-0.3.13/src/grl-metadata-key.c
Examining data/grilo-0.3.13/src/grl-metadata-key.h
Examining data/grilo-0.3.13/src/grl-multiple.c
Examining data/grilo-0.3.13/src/grl-multiple.h
Examining data/grilo-0.3.13/src/grl-operation-options-priv.h
Examining data/grilo-0.3.13/src/grl-operation-options.c
Examining data/grilo-0.3.13/src/grl-operation-options.h
Examining data/grilo-0.3.13/src/grl-operation-priv.h
Examining data/grilo-0.3.13/src/grl-operation.c
Examining data/grilo-0.3.13/src/grl-operation.h
Examining data/grilo-0.3.13/src/grl-plugin-priv.h
Examining data/grilo-0.3.13/src/grl-plugin.c
Examining data/grilo-0.3.13/src/grl-plugin.h
Examining data/grilo-0.3.13/src/grl-range-value.c
Examining data/grilo-0.3.13/src/grl-range-value.h
Examining data/grilo-0.3.13/src/grl-registry-priv.h
Examining data/grilo-0.3.13/src/grl-registry.c
Examining data/grilo-0.3.13/src/grl-registry.h
Examining data/grilo-0.3.13/src/grl-source.c
Examining data/grilo-0.3.13/src/grl-source.h
Examining data/grilo-0.3.13/src/grl-sync-priv.h
Examining data/grilo-0.3.13/src/grl-sync.c
Examining data/grilo-0.3.13/src/grl-util.c
Examining data/grilo-0.3.13/src/grl-util.h
Examining data/grilo-0.3.13/src/grl-value-helper.c
Examining data/grilo-0.3.13/src/grl-value-helper.h
Examining data/grilo-0.3.13/tests/autoptr.c
Examining data/grilo-0.3.13/tests/lib-net.c
Examining data/grilo-0.3.13/tests/media.c
Examining data/grilo-0.3.13/tests/registry.c
Examining data/grilo-0.3.13/tools/grilo-inspect/grl-inspect.c
Examining data/grilo-0.3.13/tools/grilo-launch/grl-launch.c
Examining data/grilo-0.3.13/tools/grilo-test-ui/flickr-oauth.c
Examining data/grilo-0.3.13/tools/grilo-test-ui/flickr-oauth.h
Examining data/grilo-0.3.13/tools/grilo-test-ui/main.c
FINAL RESULTS:
data/grilo-0.3.13/libs/pls/grl-pls.c:563:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grl_data_set_int (GRL_DATA (media), GRL_METADATA_KEY_AUDIO_TRACK, atoi (audio_track));
data/grilo-0.3.13/src/data/grl-media.c:969:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grl_related_keys_set_int (relkeys, grlkey, atoi (value));
data/grilo-0.3.13/src/data/grl-media.c:973:60: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grl_related_keys_set_boolean (relkeys, grlkey, atoi (value) == 0? FALSE: TRUE);
data/grilo-0.3.13/src/data/grl-media.c:916:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint len = strlen (escaped_value);
data/grilo-0.3.13/src/grl-util.c:164:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date_length = strlen (date);
data/grilo-0.3.13/tests/lib-net.c:93:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
soup_message_set_response (message, "text/plain", SOUP_MEMORY_TAKE, response, strlen(response));
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 30889 in approximately 0.67 seconds (45821 lines/second)
Physical Source Lines of Code (SLOC) = 18645
Hits@level = [0] 2 [1] 3 [2] 3 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 8 [1+] 6 [2+] 3 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.429069 [1+] 0.321802 [2+] 0.160901 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.