Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libchamplain-0.12.20/champlain/champlain-license.h Examining data/libchamplain-0.12.20/champlain/champlain-file-cache.h Examining data/libchamplain-0.12.20/champlain/champlain-file-tile-source.c Examining data/libchamplain-0.12.20/champlain/champlain-marker.h Examining data/libchamplain-0.12.20/champlain/champlain-renderer.h Examining data/libchamplain-0.12.20/champlain/champlain-label.c Examining data/libchamplain-0.12.20/champlain/champlain-map-source-chain.c Examining data/libchamplain-0.12.20/champlain/champlain-tile.c Examining data/libchamplain-0.12.20/champlain/champlain-debug.h Examining data/libchamplain-0.12.20/champlain/champlain-custom-marker.h Examining data/libchamplain-0.12.20/champlain/champlain-network-tile-source.c Examining data/libchamplain-0.12.20/champlain/champlain-marker-layer.c Examining data/libchamplain-0.12.20/champlain/champlain-tile.h Examining data/libchamplain-0.12.20/champlain/champlain-viewport.c Examining data/libchamplain-0.12.20/champlain/champlain-adjustment.c Examining data/libchamplain-0.12.20/champlain/champlain-kinetic-scroll-view.h Examining data/libchamplain-0.12.20/champlain/champlain-marker.c Examining data/libchamplain-0.12.20/champlain/champlain-bounding-box.c Examining data/libchamplain-0.12.20/champlain/champlain-tile-source.c Examining data/libchamplain-0.12.20/champlain/champlain-path-layer.h Examining data/libchamplain-0.12.20/champlain/champlain-renderer.c Examining data/libchamplain-0.12.20/champlain/champlain-error-tile-renderer.c Examining data/libchamplain-0.12.20/champlain/champlain-null-tile-source.h Examining data/libchamplain-0.12.20/champlain/champlain-network-bbox-tile-source.c Examining data/libchamplain-0.12.20/champlain/champlain-image-renderer.h Examining data/libchamplain-0.12.20/champlain/champlain-custom-marker.c Examining data/libchamplain-0.12.20/champlain/champlain-exportable.h Examining data/libchamplain-0.12.20/champlain/champlain-map-source.c Examining data/libchamplain-0.12.20/champlain/champlain-defines.h Examining data/libchamplain-0.12.20/champlain/champlain-map-source-factory.h Examining data/libchamplain-0.12.20/champlain/champlain-private.h Examining data/libchamplain-0.12.20/champlain/champlain-tile-cache.h Examining data/libchamplain-0.12.20/champlain/champlain-location.h Examining data/libchamplain-0.12.20/champlain/champlain-license.c Examining data/libchamplain-0.12.20/champlain/champlain-file-tile-source.h Examining data/libchamplain-0.12.20/champlain/champlain-viewport.h Examining data/libchamplain-0.12.20/champlain/champlain-map-source-chain.h Examining data/libchamplain-0.12.20/champlain/champlain-point.h Examining data/libchamplain-0.12.20/champlain/champlain-network-tile-source.h Examining data/libchamplain-0.12.20/champlain/champlain-bounding-box.h Examining data/libchamplain-0.12.20/champlain/champlain-label.h Examining data/libchamplain-0.12.20/champlain/champlain-map-source-desc.c Examining data/libchamplain-0.12.20/champlain/champlain-tile-cache.c Examining data/libchamplain-0.12.20/champlain/champlain-marker-layer.h Examining data/libchamplain-0.12.20/champlain/champlain-file-cache.c Examining data/libchamplain-0.12.20/champlain/champlain-view.c Examining data/libchamplain-0.12.20/champlain/champlain-memory-cache.h Examining data/libchamplain-0.12.20/champlain/champlain-layer.c Examining data/libchamplain-0.12.20/champlain/champlain-image-renderer.c Examining data/libchamplain-0.12.20/champlain/champlain-map-source-factory.c Examining data/libchamplain-0.12.20/champlain/champlain-scale.c Examining data/libchamplain-0.12.20/champlain/champlain-kinetic-scroll-view.c Examining data/libchamplain-0.12.20/champlain/champlain-network-bbox-tile-source.h Examining data/libchamplain-0.12.20/champlain/champlain-error-tile-renderer.h Examining data/libchamplain-0.12.20/champlain/champlain-memphis-renderer.c Examining data/libchamplain-0.12.20/champlain/champlain-tile-source.h Examining data/libchamplain-0.12.20/champlain/champlain-path-layer.c Examining data/libchamplain-0.12.20/champlain/champlain.h Examining data/libchamplain-0.12.20/champlain/champlain-memory-cache.c Examining data/libchamplain-0.12.20/champlain/champlain-coordinate.c Examining data/libchamplain-0.12.20/champlain/champlain-adjustment.h Examining data/libchamplain-0.12.20/champlain/champlain-layer.h Examining data/libchamplain-0.12.20/champlain/champlain-debug.c Examining data/libchamplain-0.12.20/champlain/champlain-scale.h Examining data/libchamplain-0.12.20/champlain/champlain-point.c Examining data/libchamplain-0.12.20/champlain/champlain-exportable.c Examining data/libchamplain-0.12.20/champlain/champlain-location.c Examining data/libchamplain-0.12.20/champlain/champlain-memphis-renderer.h Examining data/libchamplain-0.12.20/champlain/champlain-null-tile-source.c Examining data/libchamplain-0.12.20/champlain/champlain-view.h Examining data/libchamplain-0.12.20/champlain/champlain-map-source-desc.h Examining data/libchamplain-0.12.20/champlain/champlain-map-source.h Examining data/libchamplain-0.12.20/champlain/champlain-coordinate.h Examining data/libchamplain-0.12.20/demos/url-marker.c Examining data/libchamplain-0.12.20/demos/animated-marker.c Examining data/libchamplain-0.12.20/demos/launcher.c Examining data/libchamplain-0.12.20/demos/minimal-gtk.c Examining data/libchamplain-0.12.20/demos/launcher-gtk.c Examining data/libchamplain-0.12.20/demos/polygons.c Examining data/libchamplain-0.12.20/demos/local-rendering.c Examining data/libchamplain-0.12.20/demos/markers.c Examining data/libchamplain-0.12.20/demos/minimal.c Examining data/libchamplain-0.12.20/demos/markers.h Examining data/libchamplain-0.12.20/demos/create-destroy-test.c Examining data/libchamplain-0.12.20/champlain-gtk/champlain-gtk.h Examining data/libchamplain-0.12.20/champlain-gtk/gtk-champlain-embed.c Examining data/libchamplain-0.12.20/champlain-gtk/gtk-champlain-embed.h Examining data/libchamplain-0.12.20/debian/tests/minimal-gtk.c Examining data/libchamplain-0.12.20/debian/tests/minimal.c FINAL RESULTS: data/libchamplain-0.12.20/champlain/champlain-network-tile-source.c:824:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[100]; data/libchamplain-0.12.20/champlain/champlain-file-cache.c:946:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = sqlite3_prepare (priv->db, query, strlen (query), &stmt, NULL); data/libchamplain-0.12.20/champlain/champlain-file-cache.c:973:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = sqlite3_prepare (priv->db, query, strlen (query), &stmt, NULL); data/libchamplain-0.12.20/champlain/champlain-label.c:698:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (priv->text != NULL && strlen (priv->text) > 0) data/libchamplain-0.12.20/champlain/champlain-memphis-renderer.c:256:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (default_rules), NULL); data/libchamplain-0.12.20/champlain/champlain-memphis-renderer.c:525:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (default_rules), NULL); data/libchamplain-0.12.20/champlain/champlain-memphis-renderer.c:533:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (default_rules), NULL); data/libchamplain-0.12.20/champlain/champlain-network-tile-source.c:627:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = g_string_sized_new (strlen (priv->uri_format)); ANALYSIS SUMMARY: Hits = 8 Lines analyzed = 29423 in approximately 0.77 seconds (38378 lines/second) Physical Source Lines of Code (SLOC) = 17301 Hits@level = [0] 0 [1] 7 [2] 1 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 8 [1+] 8 [2+] 1 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.462401 [1+] 0.462401 [2+] 0.0578001 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.