Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/anypaper-2.4/anypaper/anypaper_image.h
Examining data/anypaper-2.4/anypaper/anypaper_preview.c
Examining data/anypaper-2.4/anypaper/anypaper_command.c
Examining data/anypaper-2.4/anypaper/anypaper_command.h
Examining data/anypaper-2.4/anypaper/anypaper_image.c
Examining data/anypaper-2.4/anypaper/anypaper_window.c
Examining data/anypaper-2.4/anypaper/anypaper.c
Examining data/anypaper-2.4/anypaper/anypaper_parameters.c
Examining data/anypaper-2.4/anypaper/anypaper_wallpapersetter.c
Examining data/anypaper-2.4/anypaper/anypaper_preview.h
Examining data/anypaper-2.4/anypaper/anypaper_window.h
Examining data/anypaper-2.4/anypaper/anypaper_wallpapersetter.h
Examining data/anypaper-2.4/anypaper/anypaper_parameters.h

FINAL RESULTS:

data/anypaper-2.4/anypaper/anypaper.c:78:43:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	buffer = g_strdup_printf("%s/.anypaper", g_get_home_dir ());
data/anypaper-2.4/anypaper/anypaper.c:82:74:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	if (rcfile == NULL) rcfile = g_strdup_printf("%s/.anypaper/anypaperrc", g_get_home_dir ());
data/anypaper-2.4/anypaper/anypaper.c:83:99:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	if (lastwallpaperfile == NULL) lastwallpaperfile = g_strdup_printf("%s/.anypaper/lastwallpaper", g_get_home_dir ());
data/anypaper-2.4/anypaper/anypaper.c:86:106:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	if (wallpapersetterfile == NULL) wallpapersetterfile = g_strdup_printf("%s/.anypaper/wallpapersetters", g_get_home_dir ());
data/anypaper-2.4/anypaper/anypaper_parameters.c:106:65:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	self->defaultfile = g_strdup_printf("%s/.anypaper/output.png", g_get_home_dir ());
data/anypaper-2.4/anypaper/anypaper_window.c:416:74:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	if (rcfile == NULL) rcfile = g_strdup_printf("%s/.anypaper/anypaperrc", g_get_home_dir ());
data/anypaper-2.4/anypaper/anypaper_window.c:417:99:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	if (lastwallpaperfile == NULL) lastwallpaperfile = g_strdup_printf("%s/.anypaper/lastwallpaper", g_get_home_dir ());

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 3046 in approximately 0.11 seconds (27484 lines/second)
Physical Source Lines of Code (SLOC) = 2063
Hits@level = [0]   1 [1]   0 [2]   0 [3]   7 [4]   0 [5]   0
Hits@level+ = [0+]   8 [1+]   7 [2+]   7 [3+]   7 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.87785 [1+] 3.39312 [2+] 3.39312 [3+] 3.39312 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.