Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spread-sheet-widget-0.6/demo/custom-axis.c
Examining data/spread-sheet-widget-0.6/demo/main.c
Examining data/spread-sheet-widget-0.6/demo/custom-axis.h
Examining data/spread-sheet-widget-0.6/doc/prog2.c
Examining data/spread-sheet-widget-0.6/doc/prog1.c
Examining data/spread-sheet-widget-0.6/src/ssw-sheet-body.c
Examining data/spread-sheet-widget-0.6/src/ssw-sheet.h
Examining data/spread-sheet-widget-0.6/src/ssw-virtual-model.h
Examining data/spread-sheet-widget-0.6/src/ssw-sheet-single.c
Examining data/spread-sheet-widget-0.6/src/ssw-virtual-model.c
Examining data/spread-sheet-widget-0.6/src/ssw-constraint.h
Examining data/spread-sheet-widget-0.6/src/ssw-sheet-single.h
Examining data/spread-sheet-widget-0.6/src/ssw-axis-model.h
Examining data/spread-sheet-widget-0.6/src/ssw-constraint.c
Examining data/spread-sheet-widget-0.6/src/ssw-html-parser.c
Examining data/spread-sheet-widget-0.6/src/ssw-xpaned.h
Examining data/spread-sheet-widget-0.6/src/ssw-sheet-axis.h
Examining data/spread-sheet-widget-0.6/src/ssw-paste.h
Examining data/spread-sheet-widget-0.6/src/ssw-sheet.c
Examining data/spread-sheet-widget-0.6/src/ssw-sheet-body.h
Examining data/spread-sheet-widget-0.6/src/ssw-axis-model.c
Examining data/spread-sheet-widget-0.6/src/ssw-cell.h
Examining data/spread-sheet-widget-0.6/src/ssw-sheet-axis.c
Examining data/spread-sheet-widget-0.6/src/ssw-xpaned.c
Examining data/spread-sheet-widget-0.6/src/ssw-cell.c
FINAL RESULTS:
data/spread-sheet-widget-0.6/src/ssw-virtual-model.c:262:18: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
model->stamp = g_random_int ();
data/spread-sheet-widget-0.6/src/ssw-sheet-body.c:258:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_css_provider_load_from_data (cp, css, strlen (css), 0);
data/spread-sheet-widget-0.6/src/ssw-sheet-body.c:418:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_css_provider_load_from_data (cp, focused_border, strlen (focused_border), 0);
data/spread-sheet-widget-0.6/src/ssw-sheet-body.c:421:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (unfocused_border), 0);
data/spread-sheet-widget-0.6/src/ssw-xpaned.c:146:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_css_provider_load_from_data (cp, css, strlen (css), 0);
ANALYSIS SUMMARY:
Hits = 5
Lines analyzed = 8891 in approximately 0.18 seconds (48530 lines/second)
Physical Source Lines of Code (SLOC) = 6451
Hits@level = [0] 3 [1] 4 [2] 0 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 8 [1+] 5 [2+] 1 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.24012 [1+] 0.775074 [2+] 0.155015 [3+] 0.155015 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.