Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zfec-1.5.2/zfec/_fecmodule.c
Examining data/zfec-1.5.2/zfec/fec.c
Examining data/zfec-1.5.2/zfec/fec.h

FINAL RESULTS:

data/zfec-1.5.2/zfec/_fecmodule.c:585:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char b0c[8], b1c[8];
data/zfec-1.5.2/zfec/_fecmodule.c:586:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char b0[8], b1[8], b2[8], b3[8], b4[8];
data/zfec-1.5.2/zfec/_fecmodule.c:588:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const unsigned char *blocks[3] = {b0, b1, b2};
data/zfec-1.5.2/zfec/_fecmodule.c:589:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char *outblocks[2] = {b3, b4};
data/zfec-1.5.2/zfec/_fecmodule.c:615:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(b0c, b0, 8); memcpy(b1c, b1, 8);
data/zfec-1.5.2/zfec/_fecmodule.c:615:23: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(b0c, b0, 8); memcpy(b1c, b1, 8);
data/zfec-1.5.2/zfec/fec.c:509:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(p, &(code->enc_matrix[index[i] * code->k]), k);

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 1377 in approximately 0.07 seconds (18935 lines/second)
Physical Source Lines of Code (SLOC) = 875
Hits@level = [0] 1 [1] 0 [2] 7 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 8 [1+] 7 [2+] 7 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.14286 [1+] 8 [2+] 8 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.