Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/json-glib-1.6.0/json-glib/json-array.c
Examining data/json-glib-1.6.0/json-glib/json-builder.c
Examining data/json-glib-1.6.0/json-glib/json-builder.h
Examining data/json-glib-1.6.0/json-glib/json-debug.c
Examining data/json-glib-1.6.0/json-glib/json-debug.h
Examining data/json-glib-1.6.0/json-glib/json-gboxed.c
Examining data/json-glib-1.6.0/json-glib/json-generator.c
Examining data/json-glib-1.6.0/json-glib/json-generator.h
Examining data/json-glib-1.6.0/json-glib/json-glib-format.c
Examining data/json-glib-1.6.0/json-glib/json-glib-validate.c
Examining data/json-glib-1.6.0/json-glib/json-glib.h
Examining data/json-glib-1.6.0/json-glib/json-gobject-private.h
Examining data/json-glib-1.6.0/json-glib/json-gobject.c
Examining data/json-glib-1.6.0/json-glib/json-gobject.h
Examining data/json-glib-1.6.0/json-glib/json-gvariant.c
Examining data/json-glib-1.6.0/json-glib/json-gvariant.h
Examining data/json-glib-1.6.0/json-glib/json-node.c
Examining data/json-glib-1.6.0/json-glib/json-object.c
Examining data/json-glib-1.6.0/json-glib/json-parser.c
Examining data/json-glib-1.6.0/json-glib/json-parser.h
Examining data/json-glib-1.6.0/json-glib/json-path.c
Examining data/json-glib-1.6.0/json-glib/json-path.h
Examining data/json-glib-1.6.0/json-glib/json-reader.c
Examining data/json-glib-1.6.0/json-glib/json-reader.h
Examining data/json-glib-1.6.0/json-glib/json-scanner.c
Examining data/json-glib-1.6.0/json-glib/json-scanner.h
Examining data/json-glib-1.6.0/json-glib/json-serializable.c
Examining data/json-glib-1.6.0/json-glib/json-types-private.h
Examining data/json-glib-1.6.0/json-glib/json-types.h
Examining data/json-glib-1.6.0/json-glib/json-utils.c
Examining data/json-glib-1.6.0/json-glib/json-utils.h
Examining data/json-glib-1.6.0/json-glib/json-value.c
Examining data/json-glib-1.6.0/json-glib/json-version-macros.h
Examining data/json-glib-1.6.0/json-glib/tests/array.c
Examining data/json-glib-1.6.0/json-glib/tests/boxed.c
Examining data/json-glib-1.6.0/json-glib/tests/builder.c
Examining data/json-glib-1.6.0/json-glib/tests/generator.c
Examining data/json-glib-1.6.0/json-glib/tests/gvariant.c
Examining data/json-glib-1.6.0/json-glib/tests/invalid.c
Examining data/json-glib-1.6.0/json-glib/tests/json-test-utils.h
Examining data/json-glib-1.6.0/json-glib/tests/node.c
Examining data/json-glib-1.6.0/json-glib/tests/object.c
Examining data/json-glib-1.6.0/json-glib/tests/parser.c
Examining data/json-glib-1.6.0/json-glib/tests/path.c
Examining data/json-glib-1.6.0/json-glib/tests/reader.c
Examining data/json-glib-1.6.0/json-glib/tests/serialize-complex.c
Examining data/json-glib-1.6.0/json-glib/tests/serialize-full.c
Examining data/json-glib-1.6.0/json-glib/tests/serialize-simple.c

FINAL RESULTS:

data/json-glib-1.6.0/json-glib/json-generator.c:87:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/json-glib-1.6.0/json-glib/json-gobject.c:879:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return json_gobject_from_data (gtype, data, strlen (data), error);
data/json-glib-1.6.0/json-glib/json-gobject.c:916:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (data);
data/json-glib-1.6.0/json-glib/json-parser.c:1219:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (data);
data/json-glib-1.6.0/json-glib/json-scanner.c:372:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.symbol = g_new (gchar, strlen (symbol) + 1);
data/json-glib-1.6.0/json-glib/json-scanner.c:1513:4: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (value.v_identifier) == 4)
data/json-glib-1.6.0/json-glib/tests/boxed.c:229:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (serialize_data));
data/json-glib-1.6.0/json-glib/tests/builder.c:76:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (length, ==, strlen (complex_object));
data/json-glib-1.6.0/json-glib/tests/builder.c:112:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (length, ==, strlen (empty_object));
data/json-glib-1.6.0/json-glib/tests/generator.c:84:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (empty_array));
data/json-glib-1.6.0/json-glib/tests/generator.c:112:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (empty_object));
data/json-glib-1.6.0/json-glib/tests/generator.c:149:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (simple_array));
data/json-glib-1.6.0/json-glib/tests/generator.c:188:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (nested_array));
data/json-glib-1.6.0/json-glib/tests/generator.c:226:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (simple_object));
data/json-glib-1.6.0/json-glib/tests/generator.c:286:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (nested_object));
data/json-glib-1.6.0/json-glib/tests/generator.c:389:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (pretty_examples[i]));
data/json-glib-1.6.0/json-glib/tests/generator.c:427:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpuint (length, ==, strlen (fixture->expect));
data/json-glib-1.6.0/json-glib/tests/serialize-simple.c:147:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert_cmpint (len, ==, strlen (data));

ANALYSIS SUMMARY:

Hits = 18
Lines analyzed = 21365 in approximately 0.49 seconds (43761 lines/second)
Physical Source Lines of Code (SLOC) = 13416
Hits@level = [0] 0 [1] 18 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 18 [1+] 18 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.34168 [1+] 1.34168 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.