Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lsdvd-0.17/ocode.h
Examining data/lsdvd-0.17/lsdvd.h
Examining data/lsdvd-0.17/lsdvd.c
Examining data/lsdvd-0.17/oxml.c
Examining data/lsdvd-0.17/oxml.h
Examining data/lsdvd-0.17/ocode.c
Examining data/lsdvd-0.17/ohuman.c

FINAL RESULTS:

data/lsdvd-0.17/ocode.c:94:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(syntax->def, name);
data/lsdvd-0.17/ocode.c:97:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vprintf(format, argp);
data/lsdvd-0.17/ocode.c:105:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                printf((_lvl ? syntax->hash_inner : syntax->hash_outer), name);
data/lsdvd-0.17/ocode.c:116:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(syntax->array_inner, name);
data/lsdvd-0.17/ocode.c:118:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                printf(syntax->array_outer, name);
data/lsdvd-0.17/ocode.c:128:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vprintf(format, argp);
data/lsdvd-0.17/oxml.c:12:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(format, argp);
data/lsdvd-0.17/lsdvd.c:248:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "acnpPqsdvt:O:xhV?")) != EOF) {
data/lsdvd-0.17/lsdvd.c:27:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static struct { char code[3];	char name[20];}
data/lsdvd-0.17/lsdvd.c:27:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static struct { char code[3];	char name[20];}
data/lsdvd-0.17/lsdvd.c:57:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *video_format[2] = {"NTSC", "PAL"};
data/lsdvd-0.17/lsdvd.c:61:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *aspect_ratio[4] = {"4/3", "16/9", "\"?:?\"", "16/9"};
data/lsdvd-0.17/lsdvd.c:62:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *quantization[4] = {"16bit", "20bit", "24bit", "drc"};
data/lsdvd-0.17/lsdvd.c:63:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *mpeg_version[2] = {"mpeg1", "mpeg2"};
data/lsdvd-0.17/lsdvd.c:67:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *video_height[4] = {"480", "576", "???", "576"};
data/lsdvd-0.17/lsdvd.c:68:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *video_width[4]  = {"720", "704", "352", "352"};
data/lsdvd-0.17/lsdvd.c:69:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *permitted_df[4] = {"P&S + Letter", "Pan&Scan", "Letterbox", "?"};
data/lsdvd-0.17/lsdvd.c:70:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *audio_format[7] = {"ac3", "?", "mpeg1", "mpeg2", "lpcm ", "sdds ", "dts"};
data/lsdvd-0.17/lsdvd.c:74:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *sample_freq[2]  = {"48000", "48000"};
data/lsdvd-0.17/lsdvd.c:75:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *audio_type[5]   = {"Undefined", "Normal", "Impaired", "Comments1", "Comments2"};
data/lsdvd-0.17/lsdvd.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *subp_type[16]   = {"Undefined", "Normal", "Large", "Children", "reserved", "Normal_CC", "Large_CC", "Children_CC",
data/lsdvd-0.17/lsdvd.c:131:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (! (filehandle = fopen(dvd_device, "r"))) {
data/lsdvd-0.17/lsdvd.c:133:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(title, "unknown");
data/lsdvd-0.17/lsdvd.c:140:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(title, "unknown");
data/lsdvd-0.17/lsdvd.c:147:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(title, "unknown");
data/lsdvd-0.17/lsdvd.c:229:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char title[33];
data/lsdvd-0.17/lsdvd.c:240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 	char lang_code[3];
data/lsdvd-0.17/lsdvd.c:261:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		case 't':	opt_t = atoi(optarg);	break;
data/lsdvd-0.17/lsdvd.c:421:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(lang_code, "%c%c", audio_attr->lang_code>>8, audio_attr->lang_code & 0xff);
data/lsdvd-0.17/lsdvd.c:494:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
						sprintf(lang_code, "%c%c", subp_attr->lang_code>>8, subp_attr->lang_code & 0xff);
data/lsdvd-0.17/lsdvd.h:4:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *video_format[2];
data/lsdvd-0.17/lsdvd.h:5:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *aspect_ratio[4];
data/lsdvd-0.17/lsdvd.h:6:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *quantization[4];
data/lsdvd-0.17/lsdvd.h:7:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *mpeg_version[2];
data/lsdvd-0.17/lsdvd.h:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *video_height[4];
data/lsdvd-0.17/lsdvd.h:9:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *video_width[4];
data/lsdvd-0.17/lsdvd.h:10:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *permitted_df[4];
data/lsdvd-0.17/lsdvd.h:11:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *audio_format[7];
data/lsdvd-0.17/lsdvd.h:13:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *sample_freq[2];
data/lsdvd-0.17/lsdvd.h:14:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *audio_type[5];
data/lsdvd-0.17/lsdvd.h:15:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *subp_type[16];
data/lsdvd-0.17/ocode.c:87:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *_lvl_return[256];
data/lsdvd-0.17/oxml.c:4:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *_xlvl_type[256];
data/lsdvd-0.17/oxml.h:20:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *_xlvl_type[256];
data/lsdvd-0.17/lsdvd.c:207:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(arg) == 1) {

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 1281 in approximately 0.07 seconds (18966 lines/second)
Physical Source Lines of Code (SLOC) = 1028
Hits@level = [0]  77 [1]   1 [2]  36 [3]   1 [4]   7 [5]   0
Hits@level+ = [0+] 122 [1+]  45 [2+]  44 [3+]   8 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 118.677 [1+] 43.7743 [2+] 42.8016 [3+] 7.7821 [4+] 6.80934 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.