Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/caja-actions-1.8.3/src/api/na-boxed.h
Examining data/caja-actions-1.8.3/src/api/na-core-utils.h
Examining data/caja-actions-1.8.3/src/api/na-data-boxed.h
Examining data/caja-actions-1.8.3/src/api/na-data-def.h
Examining data/caja-actions-1.8.3/src/api/na-data-types.h
Examining data/caja-actions-1.8.3/src/api/na-dbus.h
Examining data/caja-actions-1.8.3/src/api/na-extension.h
Examining data/caja-actions-1.8.3/src/api/na-icontext.h
Examining data/caja-actions-1.8.3/src/api/na-iduplicable.h
Examining data/caja-actions-1.8.3/src/api/na-iexporter.h
Examining data/caja-actions-1.8.3/src/api/na-ifactory-object-data.h
Examining data/caja-actions-1.8.3/src/api/na-ifactory-object.h
Examining data/caja-actions-1.8.3/src/api/na-ifactory-provider-provider.h
Examining data/caja-actions-1.8.3/src/api/na-ifactory-provider.h
Examining data/caja-actions-1.8.3/src/api/na-iimporter.h
Examining data/caja-actions-1.8.3/src/api/na-object-action.h
Examining data/caja-actions-1.8.3/src/api/na-object-api.h
Examining data/caja-actions-1.8.3/src/api/na-object-id.h
Examining data/caja-actions-1.8.3/src/api/na-object-item.h
Examining data/caja-actions-1.8.3/src/api/na-object-menu.h
Examining data/caja-actions-1.8.3/src/api/na-object-profile.h
Examining data/caja-actions-1.8.3/src/api/na-object.h
Examining data/caja-actions-1.8.3/src/api/na-timeout.h
Examining data/caja-actions-1.8.3/src/api/na-iio-provider.h
Examining data/caja-actions-1.8.3/src/cact/base-application.c
Examining data/caja-actions-1.8.3/src/cact/base-application.h
Examining data/caja-actions-1.8.3/src/cact/base-assistant.c
Examining data/caja-actions-1.8.3/src/cact/base-assistant.h
Examining data/caja-actions-1.8.3/src/cact/base-builder.c
Examining data/caja-actions-1.8.3/src/cact/base-builder.h
Examining data/caja-actions-1.8.3/src/cact/base-dialog.c
Examining data/caja-actions-1.8.3/src/cact/base-dialog.h
Examining data/caja-actions-1.8.3/src/cact/base-gtk-utils.c
Examining data/caja-actions-1.8.3/src/cact/base-gtk-utils.h
Examining data/caja-actions-1.8.3/src/cact/base-isession.c
Examining data/caja-actions-1.8.3/src/cact/base-isession.h
Examining data/caja-actions-1.8.3/src/cact/base-iunique.c
Examining data/caja-actions-1.8.3/src/cact/base-iunique.h
Examining data/caja-actions-1.8.3/src/cact/base-keysyms.h
Examining data/caja-actions-1.8.3/src/cact/base-marshal.c
Examining data/caja-actions-1.8.3/src/cact/base-marshal.h
Examining data/caja-actions-1.8.3/src/cact/base-window.c
Examining data/caja-actions-1.8.3/src/cact/base-window.h
Examining data/caja-actions-1.8.3/src/cact/cact-add-capability-dialog.c
Examining data/caja-actions-1.8.3/src/cact/cact-add-capability-dialog.h
Examining data/caja-actions-1.8.3/src/cact/cact-add-scheme-dialog.c
Examining data/caja-actions-1.8.3/src/cact/cact-add-scheme-dialog.h
Examining data/caja-actions-1.8.3/src/cact/cact-application.c
Examining data/caja-actions-1.8.3/src/cact/cact-application.h
Examining data/caja-actions-1.8.3/src/cact/cact-assistant-export.c
Examining data/caja-actions-1.8.3/src/cact/cact-assistant-export.h
Examining data/caja-actions-1.8.3/src/cact/cact-assistant-import.c
Examining data/caja-actions-1.8.3/src/cact/cact-assistant-import.h
Examining data/caja-actions-1.8.3/src/cact/cact-clipboard.c
Examining data/caja-actions-1.8.3/src/cact/cact-clipboard.h
Examining data/caja-actions-1.8.3/src/cact/cact-confirm-logout.c
Examining data/caja-actions-1.8.3/src/cact/cact-confirm-logout.h
Examining data/caja-actions-1.8.3/src/cact/cact-export-ask.c
Examining data/caja-actions-1.8.3/src/cact/cact-export-ask.h
Examining data/caja-actions-1.8.3/src/cact/cact-iaction-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-iaction-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-ibasenames-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-ibasenames-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-icapabilities-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-icapabilities-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-icommand-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-icommand-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-icon-chooser.c
Examining data/caja-actions-1.8.3/src/cact/cact-icon-chooser.h
Examining data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-iexecution-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-iexecution-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-ifolders-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-ifolders-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-imimetypes-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-imimetypes-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-iproperties-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-iproperties-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-ischemes-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-ischemes-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-main-statusbar.c
Examining data/caja-actions-1.8.3/src/cact/cact-main-statusbar.h
Examining data/caja-actions-1.8.3/src/cact/cact-main-tab.c
Examining data/caja-actions-1.8.3/src/cact/cact-main-tab.h
Examining data/caja-actions-1.8.3/src/cact/cact-main-toolbar.c
Examining data/caja-actions-1.8.3/src/cact/cact-main-toolbar.h
Examining data/caja-actions-1.8.3/src/cact/cact-main-window.c
Examining data/caja-actions-1.8.3/src/cact/cact-main-window.h
Examining data/caja-actions-1.8.3/src/cact/cact-marshal.c
Examining data/caja-actions-1.8.3/src/cact/cact-marshal.h
Examining data/caja-actions-1.8.3/src/cact/cact-match-list.c
Examining data/caja-actions-1.8.3/src/cact/cact-match-list.h
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-edit.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-file.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-help.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-maintainer.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-priv.h
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-tools.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar-view.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar.c
Examining data/caja-actions-1.8.3/src/cact/cact-menubar.h
Examining data/caja-actions-1.8.3/src/cact/cact-preferences-editor.c
Examining data/caja-actions-1.8.3/src/cact/cact-preferences-editor.h
Examining data/caja-actions-1.8.3/src/cact/cact-providers-list.c
Examining data/caja-actions-1.8.3/src/cact/cact-providers-list.h
Examining data/caja-actions-1.8.3/src/cact/cact-schemes-list.c
Examining data/caja-actions-1.8.3/src/cact/cact-schemes-list.h
Examining data/caja-actions-1.8.3/src/cact/cact-sort-buttons.c
Examining data/caja-actions-1.8.3/src/cact/cact-sort-buttons.h
Examining data/caja-actions-1.8.3/src/cact/cact-tree-ieditable.c
Examining data/caja-actions-1.8.3/src/cact/cact-tree-ieditable.h
Examining data/caja-actions-1.8.3/src/cact/cact-tree-model-dnd.c
Examining data/caja-actions-1.8.3/src/cact/cact-tree-model-priv.h
Examining data/caja-actions-1.8.3/src/cact/cact-tree-model.c
Examining data/caja-actions-1.8.3/src/cact/cact-tree-model.h
Examining data/caja-actions-1.8.3/src/cact/cact-tree-view.c
Examining data/caja-actions-1.8.3/src/cact/cact-tree-view.h
Examining data/caja-actions-1.8.3/src/cact/egg-desktop-file.c
Examining data/caja-actions-1.8.3/src/cact/egg-desktop-file.h
Examining data/caja-actions-1.8.3/src/cact/egg-sm-client-private.h
Examining data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c
Examining data/caja-actions-1.8.3/src/cact/egg-sm-client.c
Examining data/caja-actions-1.8.3/src/cact/egg-sm-client.h
Examining data/caja-actions-1.8.3/src/cact/egg-tree-multi-dnd.c
Examining data/caja-actions-1.8.3/src/cact/egg-tree-multi-dnd.h
Examining data/caja-actions-1.8.3/src/cact/main.c
Examining data/caja-actions-1.8.3/src/core/na-about.c
Examining data/caja-actions-1.8.3/src/core/na-about.h
Examining data/caja-actions-1.8.3/src/core/na-boxed.c
Examining data/caja-actions-1.8.3/src/core/na-core-utils.c
Examining data/caja-actions-1.8.3/src/core/na-data-boxed.c
Examining data/caja-actions-1.8.3/src/core/na-data-def.c
Examining data/caja-actions-1.8.3/src/core/na-data-types.c
Examining data/caja-actions-1.8.3/src/core/na-desktop-environment.h
Examining data/caja-actions-1.8.3/src/core/na-export-format.c
Examining data/caja-actions-1.8.3/src/core/na-export-format.h
Examining data/caja-actions-1.8.3/src/core/na-exporter.c
Examining data/caja-actions-1.8.3/src/core/na-exporter.h
Examining data/caja-actions-1.8.3/src/core/na-factory-object.c
Examining data/caja-actions-1.8.3/src/core/na-factory-object.h
Examining data/caja-actions-1.8.3/src/core/na-factory-provider.c
Examining data/caja-actions-1.8.3/src/core/na-factory-provider.h
Examining data/caja-actions-1.8.3/src/core/na-gtk-utils.c
Examining data/caja-actions-1.8.3/src/core/na-gtk-utils.h
Examining data/caja-actions-1.8.3/src/core/na-icontext-factory.c
Examining data/caja-actions-1.8.3/src/core/na-icontext.c
Examining data/caja-actions-1.8.3/src/core/na-iduplicable.c
Examining data/caja-actions-1.8.3/src/core/na-iexporter.c
Examining data/caja-actions-1.8.3/src/core/na-ifactory-object.c
Examining data/caja-actions-1.8.3/src/core/na-ifactory-provider.c
Examining data/caja-actions-1.8.3/src/core/na-iimporter.c
Examining data/caja-actions-1.8.3/src/core/na-iio-provider.c
Examining data/caja-actions-1.8.3/src/core/na-import-mode.c
Examining data/caja-actions-1.8.3/src/core/na-import-mode.h
Examining data/caja-actions-1.8.3/src/core/na-importer-ask.c
Examining data/caja-actions-1.8.3/src/core/na-importer-ask.h
Examining data/caja-actions-1.8.3/src/core/na-importer.c
Examining data/caja-actions-1.8.3/src/core/na-importer.h
Examining data/caja-actions-1.8.3/src/core/na-io-provider.c
Examining data/caja-actions-1.8.3/src/core/na-io-provider.h
Examining data/caja-actions-1.8.3/src/core/na-ioption.c
Examining data/caja-actions-1.8.3/src/core/na-ioption.h
Examining data/caja-actions-1.8.3/src/core/na-ioptions-list.c
Examining data/caja-actions-1.8.3/src/core/na-ioptions-list.h
Examining data/caja-actions-1.8.3/src/core/na-iprefs.c
Examining data/caja-actions-1.8.3/src/core/na-iprefs.h
Examining data/caja-actions-1.8.3/src/core/na-marshal.c
Examining data/caja-actions-1.8.3/src/core/na-marshal.h
Examining data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c
Examining data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.h
Examining data/caja-actions-1.8.3/src/core/na-mateconf-migration.c
Examining data/caja-actions-1.8.3/src/core/na-mateconf-migration.h
Examining data/caja-actions-1.8.3/src/core/na-mateconf-monitor.c
Examining data/caja-actions-1.8.3/src/core/na-mateconf-utils.c
Examining data/caja-actions-1.8.3/src/core/na-module.c
Examining data/caja-actions-1.8.3/src/core/na-module.h
Examining data/caja-actions-1.8.3/src/core/na-object-action-factory.c
Examining data/caja-actions-1.8.3/src/core/na-object-action.c
Examining data/caja-actions-1.8.3/src/core/na-object-id-factory.c
Examining data/caja-actions-1.8.3/src/core/na-object-id.c
Examining data/caja-actions-1.8.3/src/core/na-object-item-factory.c
Examining data/caja-actions-1.8.3/src/core/na-object-item.c
Examining data/caja-actions-1.8.3/src/core/na-object-menu-factory.c
Examining data/caja-actions-1.8.3/src/core/na-object-menu.c
Examining data/caja-actions-1.8.3/src/core/na-object-profile-factory.c
Examining data/caja-actions-1.8.3/src/core/na-object-profile.c
Examining data/caja-actions-1.8.3/src/core/na-object.c
Examining data/caja-actions-1.8.3/src/core/na-pivot.c
Examining data/caja-actions-1.8.3/src/core/na-pivot.h
Examining data/caja-actions-1.8.3/src/core/na-selected-info.c
Examining data/caja-actions-1.8.3/src/core/na-selected-info.h
Examining data/caja-actions-1.8.3/src/core/na-settings.c
Examining data/caja-actions-1.8.3/src/core/na-settings.h
Examining data/caja-actions-1.8.3/src/core/na-timeout.c
Examining data/caja-actions-1.8.3/src/core/na-tokens.c
Examining data/caja-actions-1.8.3/src/core/na-tokens.h
Examining data/caja-actions-1.8.3/src/core/na-updater.c
Examining data/caja-actions-1.8.3/src/core/na-updater.h
Examining data/caja-actions-1.8.3/src/core/na-desktop-environment.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-file.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-file.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-provider.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-provider.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-formats.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-formats.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-keys.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-keys.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-module.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-monitor.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-monitor.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-reader.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-reader.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-utils.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-utils.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-writer.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-writer.h
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-xdg-dirs.c
Examining data/caja-actions-1.8.3/src/io-desktop/cadp-xdg-dirs.h
Examining data/caja-actions-1.8.3/src/plugin-menu/caja-actions.c
Examining data/caja-actions-1.8.3/src/plugin-menu/caja-actions.h
Examining data/caja-actions-1.8.3/src/plugin-menu/caja-module.c
Examining data/caja-actions-1.8.3/src/plugin-tracker/na-tracker-plugin.c
Examining data/caja-actions-1.8.3/src/plugin-tracker/na-tracker.c
Examining data/caja-actions-1.8.3/src/plugin-tracker/na-tracker.h
Examining data/caja-actions-1.8.3/src/test/test-iface-base.c
Examining data/caja-actions-1.8.3/src/test/test-iface-base.h
Examining data/caja-actions-1.8.3/src/test/test-iface-derived.c
Examining data/caja-actions-1.8.3/src/test/test-iface-derived.h
Examining data/caja-actions-1.8.3/src/test/test-iface-iface.c
Examining data/caja-actions-1.8.3/src/test/test-iface-iface.h
Examining data/caja-actions-1.8.3/src/test/test-iface.c
Examining data/caja-actions-1.8.3/src/test/test-iface2.c
Examining data/caja-actions-1.8.3/src/test/test-module-plugin.c
Examining data/caja-actions-1.8.3/src/test/test-module.c
Examining data/caja-actions-1.8.3/src/test/test-parse-uris.c
Examining data/caja-actions-1.8.3/src/test/test-reader.c
Examining data/caja-actions-1.8.3/src/test/test-virtuals-without-test.c
Examining data/caja-actions-1.8.3/src/test/test-virtuals.c
Examining data/caja-actions-1.8.3/src/utils/caja-actions-new.c
Examining data/caja-actions-1.8.3/src/utils/caja-actions-print.c
Examining data/caja-actions-1.8.3/src/utils/caja-actions-run.c
Examining data/caja-actions-1.8.3/src/utils/console-utils.c
Examining data/caja-actions-1.8.3/src/utils/console-utils.h
Examining data/caja-actions-1.8.3/src/utils/na-print-schemas.c
Examining data/caja-actions-1.8.3/src/utils/na-set-conf.c
Examining data/caja-actions-1.8.3/tools/check-header.c
FINAL RESULTS:
data/caja-actions-1.8.3/src/core/na-icontext.c:1105:71: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
match = na_selected_info_is_owner( NA_SELECTED_INFO( it->data ), getlogin());
data/caja-actions-1.8.3/src/core/na-settings.c:429:27: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
dir = g_build_filename( g_get_home_dir(), ".config", PACKAGE, NULL );
data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c:883:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uinti = abs( atoi( gtk_entry_get_text( entry )));
data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_str[64];
data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c:329:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string_ret[256];
data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c:885:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (state_file_path, O_WRONLY | O_CREAT | O_EXCL, 0644);
data/caja-actions-1.8.3/src/core/na-boxed.c:1292:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
boxed->private->u.uint = string ? atoi( string ) : 0;
data/caja-actions-1.8.3/src/core/na-boxed.c:1393:96: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
boxed->private->u.uint_list = g_list_prepend( boxed->private->u.uint_list, GINT_TO_POINTER( atoi( *i )));
data/caja-actions-1.8.3/src/core/na-core-utils.c:72:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return( g_ascii_strcasecmp( string, "true" ) == 0 || atoi( string ) != 0 );
data/caja-actions-1.8.3/src/core/na-core-utils.c:809:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint_int = abs( atoi( dup2 ));
data/caja-actions-1.8.3/src/core/na-data-boxed.c:805:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi( def->default_value ),
data/caja-actions-1.8.3/src/core/na-data-boxed.c:816:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
default_value = atoi( boxed->private->data_def->default_value );
data/caja-actions-1.8.3/src/core/na-icontext.c:901:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi( selection_count+1 );
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:673:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bv[32];
data/caja-actions-1.8.3/src/core/na-object-item.c:791:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version_uint = atoi( version_str );
data/caja-actions-1.8.3/src/core/na-settings.c:537:94: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = ( key_def->default_value ? ( strcasecmp( key_def->default_value, "true" ) == 0 || atoi( key_def->default_value ) != 0 ) : FALSE );
data/caja-actions-1.8.3/src/core/na-settings.c:665:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi( key_def->default_value );
data/caja-actions-1.8.3/src/core/na-settings.c:708:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = g_list_append( NULL, GUINT_TO_POINTER( atoi( key_def->default_value )));
data/caja-actions-1.8.3/src/io-desktop/cadp-reader.c:560:92: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint_value = cadp_desktop_file_get_uint( nrd->ndf, group, def->desktop_entry, &found, atoi( def->default_value ));
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ient, iadd, sizeof( GOptionEntry ));
data/caja-actions-1.8.3/src/utils/na-set-conf.c:243:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ivalue = atoi( value );
data/caja-actions-1.8.3/src/cact/base-gtk-utils.c:58:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( wsp_name && strlen( wsp_name ));
data/caja-actions-1.8.3/src/cact/base-gtk-utils.c:79:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( wsp_name && strlen( wsp_name ));
data/caja-actions-1.8.3/src/cact/base-gtk-utils.c:250:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( name && strlen( name )){
data/caja-actions-1.8.3/src/cact/base-gtk-utils.c:399:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( text && strlen( text )){
data/caja-actions-1.8.3/src/cact/base-gtk-utils.c:469:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( text && strlen( text )){
data/caja-actions-1.8.3/src/cact/base-iunique.c:188:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( unique_app_name && strlen( unique_app_name )){
data/caja-actions-1.8.3/src/cact/base-window.c:519:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( priv->wsp_name && strlen( priv->wsp_name )){
data/caja-actions-1.8.3/src/cact/base-window.c:743:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if( priv->toplevel_name && strlen( priv->toplevel_name )){
data/caja-actions-1.8.3/src/cact/base-window.c:870:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( priv->wsp_name && strlen( priv->wsp_name )){
data/caja-actions-1.8.3/src/cact/cact-assistant-export.c:442:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( uri && strlen( uri )){
data/caja-actions-1.8.3/src/cact/cact-assistant-export.c:624:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
enabled = ( uri && strlen( uri ) && na_core_utils_dir_is_writable_uri( uri ));
data/caja-actions-1.8.3/src/cact/cact-assistant-export.c:701:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( window->private->uri && strlen( window->private->uri ));
data/caja-actions-1.8.3/src/cact/cact-assistant-export.c:765:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( window->private->uri && strlen( window->private->uri ));
data/caja-actions-1.8.3/src/cact/cact-assistant-export.c:773:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( str->format && strlen( str->format ));
data/caja-actions-1.8.3/src/cact/cact-assistant-export.c:778:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( str->format && strlen( str->format ));
data/caja-actions-1.8.3/src/cact/cact-assistant-import.c:429:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( uri && strlen( uri )){
data/caja-actions-1.8.3/src/cact/cact-assistant-import.c:472:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( folder && strlen( folder )){
data/caja-actions-1.8.3/src/cact/cact-assistant-import.c:499:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strlen( uri )){
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:516:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( buffer && strlen( buffer )){
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:547:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( buffer && strlen( buffer )){
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:591:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( buffer && strlen( buffer )){
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:620:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_val_if_fail( format && strlen( format ), NULL );
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:625:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_val_if_fail( format && strlen( format ), NULL );
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:635:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( buffer && strlen( buffer )){
data/caja-actions-1.8.3/src/cact/cact-clipboard.c:819:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
selection_data_target, 8, ( const guchar * ) buffer, strlen( buffer ));
data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c:480:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = text && strlen( text ) ? text : g_strdup( "" );
data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c:490:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = text && strlen( text ) ? text : g_strdup( "" );
data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c:497:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = text && strlen( text ) ? text : g_strdup( "" );
data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c:504:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = text && strlen( text ) ? text : g_strdup( "" );
data/caja-actions-1.8.3/src/cact/cact-ienvironment-tab.c:998:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( ic->data )){
data/caja-actions-1.8.3/src/cact/cact-iproperties-tab.c:309:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !shortcut || !strlen( shortcut )){
data/caja-actions-1.8.3/src/cact/cact-preferences-editor.c:890:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( editor->private->desktop && strlen( editor->private->desktop )){
data/caja-actions-1.8.3/src/cact/cact-tree-model-dnd.c:366:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
selection_data_target, 8, ( guchar * ) data, strlen( data ));
data/caja-actions-1.8.3/src/cact/cact-tree-model-dnd.c:503:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDS_ATOM, TEXT_ATOM, 8, GDK_PROP_MODE_REPLACE, ( guchar * ) XDS_FILENAME, strlen( XDS_FILENAME ));
data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c:1163:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pv.length = strlen (value);
data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c:1196:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pv.length = strlen (values->pdata[i]);
data/caja-actions-1.8.3/src/cact/egg-sm-client-xsmp.c:1225:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prop->vals[0].length = strlen (value);
data/caja-actions-1.8.3/src/core/na-boxed.c:458:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( string && strlen( string )){
data/caja-actions-1.8.3/src/core/na-boxed.c:463:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( sdup[0] == '[' && sdup[strlen(sdup)-1] == ']' ){
data/caja-actions-1.8.3/src/core/na-boxed.c:465:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sdup[strlen(sdup)-1] = ' ';
data/caja-actions-1.8.3/src/core/na-boxed.c:473:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sdup[strlen(sdup)-1] = ' ';
data/caja-actions-1.8.3/src/core/na-core-utils.c:118:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strlen( tmp ) && default_value ){
data/caja-actions-1.8.3/src/core/na-core-utils.c:380:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
thispfx = ( prefix && strlen( prefix )) ? prefix : thisfn;
data/caja-actions-1.8.3/src/core/na-core-utils.c:585:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( text )){
data/caja-actions-1.8.3/src/core/na-core-utils.c:1101:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( target && strlen( target )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:594:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( boxed->private->data_def->default_value && strlen( boxed->private->data_def->default_value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:663:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( boxed->private->data_def->default_value && strlen( boxed->private->data_def->default_value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:664:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:673:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:693:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !value || !strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:719:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( boxed->private->data_def->default_value && strlen( boxed->private->data_def->default_value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:720:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:725:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:742:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !value || !strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:758:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-data-boxed.c:855:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !value || !strlen( value )){
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:79:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:95:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( value && strlen( value )){
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:115:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok = ( exit_status == 0 && output_str && strlen( output_str ) && ( !error_str || !strlen( error_str )));
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:115:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok = ( exit_status == 0 && output_str && strlen( output_str ) && ( !error_str || !strlen( error_str )));
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:132:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok = ( exit_status == 0 && output_str && strlen( output_str ) && ( !error_str || !strlen( error_str )));
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:132:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok = ( exit_status == 0 && output_str && strlen( output_str ) && ( !error_str || !strlen( error_str )));
data/caja-actions-1.8.3/src/core/na-desktop-environment.c:170:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_val_if_fail( id && strlen( id ), NULL );
data/caja-actions-1.8.3/src/core/na-factory-object.c:555:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_prefix = strlen( prefix );
data/caja-actions-1.8.3/src/core/na-factory-object.c:561:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = MAX( length, strlen( def->name ));
data/caja-actions-1.8.3/src/core/na-gtk-utils.c:65:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( child_name && strlen( child_name ) && !g_ascii_strcasecmp( name, child_name )){
data/caja-actions-1.8.3/src/core/na-gtk-utils.c:144:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( wsp_name && strlen( wsp_name ));
data/caja-actions-1.8.3/src/core/na-gtk-utils.c:208:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_if_fail( wsp_name && strlen( wsp_name ));
data/caja-actions-1.8.3/src/core/na-icontext.c:301:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !im->data || !strlen( im->data )){
data/caja-actions-1.8.3/src/core/na-icontext.c:525:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !environment || !strlen( environment )){
data/caja-actions-1.8.3/src/core/na-icontext.c:562:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( tryexec && strlen( tryexec )){
data/caja-actions-1.8.3/src/core/na-icontext.c:597:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( name && strlen( name )){
data/caja-actions-1.8.3/src/core/na-icontext.c:617:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( command && strlen( command )){
data/caja-actions-1.8.3/src/core/na-icontext.c:650:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( running && strlen( running )){
data/caja-actions-1.8.3/src/core/na-icontext.c:900:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( selection_count && strlen( selection_count )){
data/caja-actions-1.8.3/src/core/na-icontext.c:1178:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !imtype || !strlen( imtype )){
data/caja-actions-1.8.3/src/core/na-io-provider.c:452:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !id || !strlen( id )){
data/caja-actions-1.8.3/src/core/na-io-provider.c:526:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen( group_prefix );
data/caja-actions-1.8.3/src/core/na-io-provider.c:591:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_val_if_fail( id && strlen( id ), NULL );
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:105:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_uri_element (vfs, method_scanner, strlen (method_scanner));
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:142:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (path + from_offset, path + i, strlen (path + i) + 1);
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:152:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert (current_offset <= strlen (path));
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:218:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path == NULL || strlen (path) == 0) {
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:244:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (path + i + 2) + 1);
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:282:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (path + i + 2) + 1);
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:450:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (uri);
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:546:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = g_malloc (strlen (escaped_string) + 1);
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:567:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert (out - result <= strlen (escaped_string));
data/caja-actions-1.8.3/src/core/na-mate-vfs-uri.c:910:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host = g_ascii_strdown ((*host_return) + 1, strlen (*host_return) - 2);
data/caja-actions-1.8.3/src/core/na-mateconf-utils.c:748:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !tmp_string || strlen( tmp_string ) < 3 ){
data/caja-actions-1.8.3/src/core/na-mateconf-utils.c:753:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( tmp_string[0] != '[' || tmp_string[strlen(tmp_string)-1] != ']' ){
data/caja-actions-1.8.3/src/core/na-mateconf-utils.c:759:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_string[strlen(tmp_string)-1] = '\0';
data/caja-actions-1.8.3/src/core/na-object-item.c:786:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !version_str || !strlen( version_str )){
data/caja-actions-1.8.3/src/core/na-object-profile.c:475:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( iter ) > 0 &&
data/caja-actions-1.8.3/src/core/na-object-profile.c:476:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( iter = g_strstr_len( iter, strlen( iter ), "%" )) != NULL ){
data/caja-actions-1.8.3/src/core/na-object-profile.c:485:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( iter, iter+3, strlen( iter ));
data/caja-actions-1.8.3/src/core/na-object-profile.c:485:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy( iter, iter+3, strlen( iter ));
data/caja-actions-1.8.3/src/core/na-pivot.c:494:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !id || !strlen( id )){
data/caja-actions-1.8.3/src/core/na-settings.c:622:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( key_def && key_def->default_value && strlen( key_def->default_value )){
data/caja-actions-1.8.3/src/core/na-tokens.c:644:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( pattern && strlen( pattern )){
data/caja-actions-1.8.3/src/core/na-tokens.c:757:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strlen( input )){
data/caja-actions-1.8.3/src/core/na-tokens.c:766:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = g_string_append_len( output, prev_iter, strlen( prev_iter ) - strlen( iter ));
data/caja-actions-1.8.3/src/core/na-tokens.c:766:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = g_string_append_len( output, prev_iter, strlen( prev_iter ) - strlen( iter ));
data/caja-actions-1.8.3/src/core/na-tokens.c:922:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = g_string_append_len( output, prev_iter, strlen( prev_iter ));
data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-file.c:508:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !type || !strlen( type )){
data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-file.c:518:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_return_val_if_fail( type && strlen( type ), FALSE );
data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-file.c:604:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pfx_len = strlen( profile_pfx );
data/caja-actions-1.8.3/src/io-desktop/cadp-desktop-file.c:1059:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !strncmp( locales[i], prefix, strlen( prefix ))){
data/caja-actions-1.8.3/src/io-desktop/cadp-writer.c:524:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( def->desktop_entry && strlen( def->desktop_entry )){
data/caja-actions-1.8.3/src/plugin-menu/caja-actions.c:677:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( old[0] == '[' && old[strlen(old)-1] == ']' ){
data/caja-actions-1.8.3/src/plugin-menu/caja-module.c:153:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( log_domain && strlen( log_domain )){
data/caja-actions-1.8.3/src/plugin-tracker/na-tracker-plugin.c:130:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( log_domain && strlen( log_domain )){
data/caja-actions-1.8.3/src/test/test-reader.c:165:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !uri || !strlen( uri )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:247:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( accept_multiple && strlen( selection_count )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:477:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( selection_count )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:505:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = 0 ; onlyshow_array[i] && strlen( onlyshow_array[i] ) ; ++i ){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:516:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = 0 ; notshow_array[i] && strlen( notshow_array[i] ) ; ++i ){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:525:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( try_exec && strlen( try_exec )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:529:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( show_registered && strlen( show_registered )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:533:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( show_true && strlen( show_true )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:537:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( show_running && strlen( show_running )){
data/caja-actions-1.8.3/src/utils/caja-actions-new.c:543:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = 0 ; capability_array[i] && strlen( capability_array[i] ) ; ++i ){
data/caja-actions-1.8.3/src/utils/caja-actions-print.c:125:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !id || !strlen( id )){
data/caja-actions-1.8.3/src/utils/caja-actions-print.c:135:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !format || !strlen( format )){
data/caja-actions-1.8.3/src/utils/caja-actions-run.c:126:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( !id || !strlen( id )){
ANALYSIS SUMMARY:
Hits = 146
Lines analyzed = 84292 in approximately 2.04 seconds (41351 lines/second)
Physical Source Lines of Code (SLOC) = 48454
Hits@level = [0] 5 [1] 125 [2] 19 [3] 1 [4] 1 [5] 0
Hits@level+ = [0+] 151 [1+] 146 [2+] 21 [3+] 2 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 3.11636 [1+] 3.01317 [2+] 0.433401 [3+] 0.0412763 [4+] 0.0206381 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.