Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gspell-1.8.4/gspell/gspell.h
Examining data/gspell-1.8.4/gspell/gspell-checker.h
Examining data/gspell-1.8.4/gspell/gspell-checker-dialog.h
Examining data/gspell-1.8.4/gspell/gspell-entry.h
Examining data/gspell-1.8.4/gspell/gspell-entry-buffer.h
Examining data/gspell-1.8.4/gspell/gspell-language.h
Examining data/gspell-1.8.4/gspell/gspell-language-chooser.h
Examining data/gspell-1.8.4/gspell/gspell-language-chooser-button.h
Examining data/gspell-1.8.4/gspell/gspell-language-chooser-dialog.h
Examining data/gspell-1.8.4/gspell/gspell-navigator.h
Examining data/gspell-1.8.4/gspell/gspell-navigator-text-view.h
Examining data/gspell-1.8.4/gspell/gspell-text-buffer.h
Examining data/gspell-1.8.4/gspell/gspell-text-view.h
Examining data/gspell-1.8.4/gspell/gspell-version.h
Examining data/gspell-1.8.4/gspell/gspellregion.c
Examining data/gspell-1.8.4/gspell/gspell-context-menu.c
Examining data/gspell-1.8.4/gspell/gspell-current-word-policy.c
Examining data/gspell-1.8.4/gspell/gspell-entry-utils.c
Examining data/gspell-1.8.4/gspell/gspell-init.c
Examining data/gspell-1.8.4/gspell/gspell-inline-checker-text-buffer.c
Examining data/gspell-1.8.4/gspell/gspell-text-iter.c
Examining data/gspell-1.8.4/gspell/gspell-utils.c
Examining data/gspell-1.8.4/gspell/gspell-osx.c
Examining data/gspell-1.8.4/gspell/gconstructor.h
Examining data/gspell-1.8.4/gspell/gspellregion.h
Examining data/gspell-1.8.4/gspell/gspell-checker-private.h
Examining data/gspell-1.8.4/gspell/gspell-context-menu.h
Examining data/gspell-1.8.4/gspell/gspell-current-word-policy.h
Examining data/gspell-1.8.4/gspell/gspell-entry-private.h
Examining data/gspell-1.8.4/gspell/gspell-entry-utils.h
Examining data/gspell-1.8.4/gspell/gspell-init.h
Examining data/gspell-1.8.4/gspell/gspell-inline-checker-text-buffer.h
Examining data/gspell-1.8.4/gspell/gspell-text-iter.h
Examining data/gspell-1.8.4/gspell/gspell-utils.h
Examining data/gspell-1.8.4/gspell/gspell-osx.h
Examining data/gspell-1.8.4/gspell/gspell-checker.c
Examining data/gspell-1.8.4/gspell/gspell-checker-dialog.c
Examining data/gspell-1.8.4/gspell/gspell-entry.c
Examining data/gspell-1.8.4/gspell/gspell-entry-buffer.c
Examining data/gspell-1.8.4/gspell/gspell-language.c
Examining data/gspell-1.8.4/gspell/gspell-language-chooser.c
Examining data/gspell-1.8.4/gspell/gspell-language-chooser-button.c
Examining data/gspell-1.8.4/gspell/gspell-language-chooser-dialog.c
Examining data/gspell-1.8.4/gspell/gspell-navigator.c
Examining data/gspell-1.8.4/gspell/gspell-navigator-text-view.c
Examining data/gspell-1.8.4/gspell/gspell-text-buffer.c
Examining data/gspell-1.8.4/gspell/gspell-text-view.c
Examining data/gspell-1.8.4/gspell-app/gspell-app.c
Examining data/gspell-1.8.4/tests/test-entry.c
Examining data/gspell-1.8.4/tests/test-text-view.c
Examining data/gspell-1.8.4/tests/test-text-view-basic.c
Examining data/gspell-1.8.4/testsuite/test-checker.c
Examining data/gspell-1.8.4/testsuite/test-entry.c
Examining data/gspell-1.8.4/testsuite/test-inline-checker-text-buffer.c
Examining data/gspell-1.8.4/testsuite/test-text-iter.c
Examining data/gspell-1.8.4/testsuite/test-utils.c
FINAL RESULTS:
data/gspell-1.8.4/gspell/gconstructor.h:36:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/gspell-1.8.4/gspell/gconstructor.h:42:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/gspell-1.8.4/gspell/gconstructor.h:54:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/gspell-1.8.4/gspell/gconstructor.h:61:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/gspell-1.8.4/gspell/gspell-checker.c:411:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word_length = strlen (word);
data/gspell-1.8.4/gspell/gspell-entry-utils.c:126:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word_end = word_start + strlen (word_start);
data/gspell-1.8.4/gspell/gspell-entry-utils.c:206:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
layout_text_byte_length = strlen (layout_text);
data/gspell-1.8.4/gspell/gspell-inline-checker-text-buffer.c:178:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (text),
data/gspell-1.8.4/gspell/gspell-language.c:485:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize length = strlen (code);
data/gspell-1.8.4/gspell/gspell-utils.c:41:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_length = strlen (text);
ANALYSIS SUMMARY:
Hits = 10
Lines analyzed = 14575 in approximately 0.44 seconds (33297 lines/second)
Physical Source Lines of Code (SLOC) = 9174
Hits@level = [0] 0 [1] 10 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 10 [1+] 10 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.09004 [1+] 1.09004 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.