Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scim-chewing-0.5.1/src/scim_chewing_config_entry.h
Examining data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp
Examining data/scim-chewing-0.5.1/src/scim_chewing_imengine.h
Examining data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp
Examining data/scim-chewing-0.5.1/src/scim_color_button.cpp
Examining data/scim-chewing-0.5.1/src/scim_color_button.h

FINAL RESULTS:

data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:189:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(bgcolor_str,
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:766:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(color_button_name_string, SCIM_CONFIG_IMENGINE_CHEWING_PREEDIT_BGCOLOR_ "_%d", i + 1);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:186:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bgcolor_str[64];
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:818:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[2] = { 0, 0 };
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:755:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char color_button_name_string[64] = { 0 };
data/scim-chewing-0.5.1/src/scim_color_button.cpp:245:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (bp, button->render_buf, rowstride);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:145:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_input_mode = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_CHI_ENG_MODE), String("Chi"));
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:149:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    str = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_CHI_ENG_KEY),
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:155:32: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_KeyboardType = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_KB_TYPE), String("KB_DEFAULT"));
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:159:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_SELECTION_KEYS),
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:164:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_config->read(String(SCIM_CHEWING_SELECTION_KEYS_NUM), 9);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:168:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ADD_PHRASE_FORWARD),
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:172:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_phrase_choice_rearward = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_PHRASE_CHOICE_REARWARD), true);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:175:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_auto_shift_cursor = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_AUTO_SHIFT_CURSOR), true);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:178:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_esc_clean_all_buffer = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ESC_CLEAN_ALL_BUFFER), false);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:181:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_space_as_selection = m_config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_SPACE_AS_SELECTION), true);
data/scim-chewing-0.5.1/src/scim_chewing_imengine.cpp:191:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    str = m_config->read(String(bgcolor_str),
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:941:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ADD_PHRASE_FORWARD), __config_add_phrase_forward);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:944:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_PHRASE_CHOICE_REARWARD), __config_phrase_choice_rearward);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:947:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_AUTO_SHIFT_CURSOR), __config_auto_shift_cursor);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:950:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_ESC_CLEAN_ALL_BUFFER), __config_esc_clean_all_buffer);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:953:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_SPACE_AS_SELECTION), __config_space_as_selection);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:955:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    __config_kb_type_data = config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_KB_TYPE), __config_kb_type_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:958:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_USER_SELECTION_KEYS), __config_selKey_type_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:960:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    __config_selKey_num_data = config->read(String(SCIM_CHEWING_SELECTION_KEYS_NUM), __config_selKey_num_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:963:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read(String(SCIM_CONFIG_IMENGINE_CHEWING_CHI_ENG_MODE), __config_chieng_mode_data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:967:50: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    __config_keyboards[i].data = config->read(String(__config_keyboards[i].key), __config_keyboards[i].data);
data/scim-chewing-0.5.1/src/scim_chewing_imengine_setup.cpp:972:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    entry.bg_value = config->read(String(entry.bg_key), entry.bg_value);

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 2946 in approximately 0.08 seconds (38605 lines/second)
Physical Source Lines of Code (SLOC) = 2279
Hits@level = [0] 1 [1] 22 [2] 4 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 29 [1+] 28 [2+] 6 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 12.7249 [1+] 12.2861 [2+] 2.63273 [3+] 0.877578 [4+] 0.877578 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.