stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libisocodes-1.2.2/src/iso_3166_2_item.c
Examining data/libisocodes-1.2.2/src/isocodes.c
Examining data/libisocodes-1.2.2/src/exceptions.c
Examining data/libisocodes-1.2.2/src/iso_15924_item.c
Examining data/libisocodes-1.2.2/src/iso_639_3.c
Examining data/libisocodes-1.2.2/src/iso_3166_item.c
Examining data/libisocodes-1.2.2/src/iso_3166.c
Examining data/libisocodes-1.2.2/src/iso_639_3_item.c
Examining data/libisocodes-1.2.2/src/iso_15924.c
Examining data/libisocodes-1.2.2/src/iso_639_item.c
Examining data/libisocodes-1.2.2/src/iso_3166_2.c
Examining data/libisocodes-1.2.2/src/iso_4217.c
Examining data/libisocodes-1.2.2/src/iso_639_5.c
Examining data/libisocodes-1.2.2/src/iso_639.c
Examining data/libisocodes-1.2.2/src/iso_639_5_item.c
Examining data/libisocodes-1.2.2/src/iso_4217_item.c
Examining data/libisocodes-1.2.2/libisocodes.h

FINAL RESULTS:

data/libisocodes-1.2.2/src/iso_15924.c:338:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/libisocodes-1.2.2/src/iso_15924.c:470:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp17_ = strlen (_tmp16_);
data/libisocodes-1.2.2/src/iso_3166.c:360:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp2_ = strlen (_tmp1_);
data/libisocodes-1.2.2/src/iso_639.c:359:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp2_ = strlen (_tmp1_);
data/libisocodes-1.2.2/src/iso_639_3.c:359:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp2_ = strlen (_tmp1_);
data/libisocodes-1.2.2/src/isocodes.c:1203:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp1_ = strlen (_tmp0_);

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 6382 in approximately 0.39 seconds (16402 lines/second)
Physical Source Lines of Code (SLOC) = 5044
Hits@level = [0]   0 [1]   6 [2]   0 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]   6 [1+]   6 [2+]   0 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.18953 [1+] 1.18953 [2+]   0 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.