Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-block-chapters-model.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-block-chapters-model.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-block-codepoint-list.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-block-codepoint-list.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chapters-model.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chapters-model.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chapters-view.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chapters-view.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chartable-accessible.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chartable-accessible.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chartable-cell-accessible.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chartable-cell-accessible.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chartable.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-chartable.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-codepoint-list.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-codepoint-list.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-init.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-macros.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-mini-fontsel.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-mini-fontsel.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-print-operation.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-print-operation.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-private.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-script-chapters-model.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-script-chapters-model.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-script-codepoint-list.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-script-codepoint-list.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-search-dialog.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-search-dialog.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-settings.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-settings.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-unicode-info.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-unicode-info.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-window.c
Examining data/gucharmap-13.0.4/gucharmap/gucharmap-window.h
Examining data/gucharmap-13.0.4/gucharmap/gucharmap.h
Examining data/gucharmap-13.0.4/gucharmap/main.c
Examining data/gucharmap-13.0.4/gucharmap/unicode-i18n.h
FINAL RESULTS:
data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.c:365:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.c:368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbsp[3] = "\302\240\0"; /* U+00A0 NO-BREAK SPACE */
data/gucharmap-13.0.4/gucharmap/gucharmap-print-operation.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[7];
data/gucharmap-13.0.4/gucharmap/main.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf[7];
data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.c:318:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
gboolean equal;
data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.c:336:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal)
data/gucharmap-13.0.4/gucharmap/gucharmap-charmap.c:493:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/gucharmap-13.0.4/gucharmap/gucharmap-search-dialog.c:98:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint needle_len = strlen (needle);
data/gucharmap-13.0.4/gucharmap/gucharmap-search-dialog.c:99:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint haystack_len = strlen (haystack);
ANALYSIS SUMMARY:
Hits = 9
Lines analyzed = 13026 in approximately 0.45 seconds (28649 lines/second)
Physical Source Lines of Code (SLOC) = 9214
Hits@level = [0] 0 [1] 5 [2] 4 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 9 [1+] 9 [2+] 4 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.976774 [1+] 0.976774 [2+] 0.434122 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.