Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocaml-flac-0.2.0/src/flac_stubs.c
Examining data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c
Examining data/ocaml-flac-0.2.0/src/flac_stubs.h

FINAL RESULTS:

data/ocaml-flac-0.2.0/src/flac_stubs.c:227:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(callbacks->info, &metadata->data.stream_info,
data/ocaml-flac-0.2.0/src/flac_stubs.c:369:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, String_val(callbacks->data), readlen);
data/ocaml-flac-0.2.0/src/flac_stubs.c:526:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bytes_val(tmp), info->md5sum, 16);
data/ocaml-flac-0.2.0/src/flac_stubs.c:670:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Bytes_val(buf), buffer, bytes);
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:134:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, data + offset, len);
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:153:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(h->data, data + offset + len, rem);
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(priv->data, p->packet, p->bytes);
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:233:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to
  potential overflows or other issues (CWE-119!/CWE-120). Perform bounds
  checking, use functions that limit length, or ensure that the size is
  larger than the maximum possible length.
  unsigned char header[51] = {
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:273:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(op.packet + 13, buffer, bytes);
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:406:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(op.packet, FISBONE_IDENTIFIER, 8); /* identifier */
data/ocaml-flac-0.2.0/src/ogg_flac_stubs.c:420:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(op.packet + FISBONE_SIZE, String_val(content),
data/ocaml-flac-0.2.0/src/flac_stubs.c:192:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  caml_remove_generational_global_root(&dec->callbacks.read);
data/ocaml-flac-0.2.0/src/flac_stubs.c:366:47:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  readlen = Int_val(caml_callback3(callbacks->read, callbacks->data, Val_int(0),
data/ocaml-flac-0.2.0/src/flac_stubs.c:444:58:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  caml_register_generational_global_root(&dec->callbacks.read);
data/ocaml-flac-0.2.0/src/flac_stubs.h:40:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  value read;
data/ocaml-flac-0.2.0/src/flac_stubs.h:57:57:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  caml_modify_generational_global_root(&(x->callbacks.read), Field(c, 0)); \
data/ocaml-flac-0.2.0/src/flac_stubs.h:66:57:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  caml_modify_generational_global_root(&(x->callbacks.read), Val_unit); \

ANALYSIS SUMMARY:

Hits = 17
Lines analyzed = 1452 in approximately 0.08 seconds (17980 lines/second)
Physical Source Lines of Code (SLOC) = 1056
Hits@level = [0]   0 [1]   6 [2]  11 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  17 [1+]  17 [2+]  11 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 16.0985 [1+] 16.0985 [2+] 10.4167 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
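The level-2 hits above all share one shape: memcpy into a buffer at a fixed offset (op.packet + 13, op.packet + FISBONE_SIZE, h->data) with a length that arrives from elsewhere (bytes, rem, readlen). Flawfinder cannot see whether the destination has room, which is why it says "make sure destination can always hold the source data" and leaves the check to the reviewer. The example below is added here to show what that check looks like; it is constructed illustration code, not ocaml-flac source, and makes no claim that any of the flagged lines is actually overflowable. HEADER_LEN, PACKET_CAP and all function names are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size packet buffer that carries a
 * HEADER_LEN-byte prefix followed by a caller-supplied payload.
 * The constants are assumptions, not values from ocaml-flac. */
#define HEADER_LEN 13   /* assumed prefix length, like a "packet + 13" layout */
#define PACKET_CAP 64   /* assumed capacity of the destination buffer */

/* The pattern flawfinder flags: `bytes` is trusted, so a payload longer
 * than PACKET_CAP - HEADER_LEN writes past the end of `packet` (CWE-120). */
void append_payload_unchecked(uint8_t *packet, const uint8_t *payload, size_t bytes)
{
    memcpy(packet + HEADER_LEN, payload, bytes);
}

/* Hardened form. The length is compared to the room remaining *after* the
 * prefix, and the comparison is written as `bytes > cap - HEADER_LEN`
 * rather than `HEADER_LEN + bytes > cap`, so a huge `bytes` cannot wrap
 * the sum around and slip past the check. Returns the total packet
 * length on success, 0 when the copy is refused. */
static size_t append_payload_checked(uint8_t *packet, size_t packet_cap,
                                     const uint8_t *payload, size_t bytes)
{
    if (packet == NULL || packet_cap < HEADER_LEN)
        return 0;
    if (bytes > packet_cap - HEADER_LEN)
        return 0;                       /* refuse instead of truncating silently */
    if (bytes == 0)
        return HEADER_LEN;              /* nothing to copy; avoid memcpy(.., NULL, 0) */
    if (payload == NULL)
        return 0;
    memcpy(packet + HEADER_LEN, payload, bytes);
    return HEADER_LEN + bytes;
}

/* Fills the prefix with a recognisable marker (constructed contents) and
 * appends the payload through the checked path. Returns the packet length
 * or 0 if the payload did not fit. */
size_t build_packet(uint8_t *packet, size_t packet_cap,
                    const uint8_t *payload, size_t bytes)
{
    if (packet == NULL || packet_cap < HEADER_LEN)
        return 0;
    memset(packet, 0xAA, HEADER_LEN);
    return append_payload_checked(packet, packet_cap, payload, bytes);
}

/* Convenience wrapper over static buffers so the example runs stand-alone:
 * builds a packet from `bytes` bytes of constructed 0x42 payload. */
size_t demo_build(size_t bytes)
{
    static uint8_t packet[PACKET_CAP];
    static uint8_t payload[PACKET_CAP];
    memset(payload, 0x42, sizeof payload);
    return build_packet(packet, sizeof packet, payload, bytes);
}

int main(void)
{
    printf("10 bytes  -> %zu\n", demo_build(10));        /* 23 */
    printf("51 bytes  -> %zu\n", demo_build(51));        /* 64, exactly fills the buffer */
    printf("52 bytes  -> %zu\n", demo_build(52));        /* 0, refused */
    printf("SIZE_MAX  -> %zu\n", demo_build(SIZE_MAX));  /* 0, no wrap-around */
    return 0;
}
```

When triaging hits like ogg_flac_stubs.c:273 or :153, the reviewer's job is to find the equivalent of the `bytes > packet_cap - HEADER_LEN` test somewhere on the path between where the length is produced and where memcpy consumes it, and to confirm the subtraction side of that comparison cannot itself underflow. If the check exists, the hit is a false positive; if it is missing, the unchecked function above is the bug shape to look for.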