Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scim-chewing-0.5.1/src/scim_chewing_config_entry.h
Examining data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp
Examining data/scim-chewing-0.5.1/src/scim_chewing_imengine.h
Examining data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp
Examining data/scim-chewing-0.5.1/src/scim_color_button.cpp
Examining data/scim-chewing-0.5.1/src/scim_color_button.h
FINAL RESULTS:
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:189:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bgcolor_str,
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:766:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(color_button_name_string, SCIM_CONFIG_IMENGINE_CHEWING_PREEDIT_BGCOLOR_ "_%d", i + 1);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bgcolor_str[64];
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:818:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] = { 0, 0 };
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:755:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color_button_name_string[64] = { 0 };
data/scim-chewing-0.5.1/src/scim_color_button.cpp:245:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bp, button->render_buf, rowstride);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:145:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_input_mode = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_CHI_ENG_MODE), String("Chi"));
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:149:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
str = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_CHI_ENG_KEY),
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:155:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_KeyboardType = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_KB_TYPE), String("KB_DEFAULT"));
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:159:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_SELECTION_KEYS),
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:164:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_config->read(String(SCIM_CHEWING_SELECTION_KEYS_NUM), 9);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:168:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ADD_PHRASE_FORWARD),
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:172:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_phrase_choice_rearward = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_PHRASE_CHOICE_REARWARD), true);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:175:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_auto_shift_cursor = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_AUTO_SHIFT_CURSOR), true);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:178:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_esc_clean_all_buffer = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ESC_CLEAN_ALL_BUFFER), false);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:181:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_space_as_selection = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_SPACE_AS_SELECTION), true);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:191:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
str = m_config->read(String(bgcolor_str),
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:941:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ADD_PHRASE_FORWARD), __config_add_phrase_forward);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:944:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_PHRASE_CHOICE_REARWARD), __config_phrase_choice_rearward);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:947:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_AUTO_SHIFT_CURSOR), __config_auto_shift_cursor);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:950:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ESC_CLEAN_ALL_BUFFER), __config_esc_clean_all_buffer);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:953:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_SPACE_AS_SELECTION), __config_space_as_selection);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:955:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__config_kb_type_data = config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_KB_TYPE), __config_kb_type_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:958:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_SELECTION_KEYS), __config_selKey_type_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:960:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__config_selKey_num_data = config->read(String(SCIM_CHEWING_SELECTION_KEYS_NUM), __config_selKey_num_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:963:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_CHI_ENG_MODE), __config_chieng_mode_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:967:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__config_keyboards[i].data = config->read(String(__config_keyboards[i].key), __config_keyboards[i].data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:972:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
entry.bg_value = config->read(String(entry.bg_key), entry.bg_value);
ANALYSIS SUMMARY:
Hits = 28
Lines analyzed = 2946 in approximately 0.08 seconds (38605 lines/second)
Physical Source Lines of Code (SLOC) = 2279
Hits@level = [0] 1 [1] 22 [2] 4 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 29 [1+] 28 [2+] 6 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 12.7249 [1+] 12.2861 [2+] 2.63273 [3+] 0.877578 [4+] 0.877578 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.