Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/cdesktop-enums.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/cinnamon-rr-debug.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/display-name.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/edid-parse.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/edid.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg-crossfade.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg-crossfade.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-datetime-source.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-datetime-source.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-utils.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-utils.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-installer.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-installer.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-pnp-ids.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-pnp-ids.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-config.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-config.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-labeler.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-labeler.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-output-info.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-private.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-thumbnail-pixbuf-utils.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-wall-clock.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-wall-clock.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-xkb-info.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-xkb-info.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/private.h
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/test-pnp-ids.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/test-wall-clock.c
Examining data/cinnamon-desktop-4.6.4/libcinnamon-desktop/test-xkb-info.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-channel-map-private.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-channel-map.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-channel-map.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-card-private.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-card.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-card.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-control-private.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-control.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-control.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-event-role.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-event-role.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-sink-input.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-sink-input.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-sink.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-sink.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-source-output.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-source-output.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-source.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-source.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-stream-private.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-stream.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-stream.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-ui-device.c
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-ui-device.h
Examining data/cinnamon-desktop-4.6.4/libcvc/gvc-pulseaudio-fake.h

FINAL RESULTS:

data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1344:15:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  res = chown (path,
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1752:11:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  res = chown (path, uid, gid);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:816:41:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_strcmp0 (pwent->pw_dir, g_get_home_dir ()) == 0;
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/edid.h:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char manufacturer_code[4];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/edid.h:186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dsc_serial_number[14];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/edid.h:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dsc_product_name[14];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/edid.h:188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dsc_string[14]; /* Unspecified ASCII data */
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.c:2815:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (d, gradient, copy_bytes_per_row);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.c:2931:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size->width = atoi (attr_values[i]);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.c:2933:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size->height = atoi (attr_values[i]);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dimension[12];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1458:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtime_str[21];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1567:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtime_str[21];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1740:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  thumb_mtime = atol (thumb_mtime_str);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-utils.c:151:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  real_argv[i] = (char *)the_argv[j];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-pnp-ids.c:43:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char vendor_id[4];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-pnp-ids.c:44:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char vendor_name[28];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-config.c:614:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (output->priv->vendor, "???");
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:1834:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&now, prop, sizeof (guint));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:2701:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (gamma->red, red, copy_size);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:2702:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (gamma->green, green, copy_size);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:2703:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (gamma->blue, blue, copy_size);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:2728:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (r, gamma->red, copy_size);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:2734:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (g, gamma->green, copy_size);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr.c:2740:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (b, gamma->blue, copy_size);
data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-control.c:1456:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char map_buff[PA_CHANNEL_MAP_SNPRINT_MAX];
data/cinnamon-desktop-4.6.4/libcvc/gvc-mixer-stream.c:918:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char t[16];
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.c:753:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_filename = g_compute_checksum_for_data (G_CHECKSUM_MD5, (const guchar *) filename, strlen (filename));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-bg.c:1691:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (guchar *) string, strlen (string) + 1);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:923:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (checksum, (const guchar *) uri, strlen (uri));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:982:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (checksum, (const guchar *) uri, strlen (uri));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1466:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (checksum, (const guchar *) uri, strlen (uri));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1575:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (checksum, (const guchar *) uri, strlen (uri));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-desktop-thumbnail.c:1648:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (uri));
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-rr-config.c:291:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy ((gchar*) parser->output->priv->vendor, text, 3);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-xkb-info.c:371:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  replace = strlen (new_layout->description) < strlen (layout->description);
data/cinnamon-desktop-4.6.4/libcinnamon-desktop/gnome-xkb-info.c:371:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  replace = strlen (new_layout->description) < strlen (layout->description);

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 26482 in approximately 0.59 seconds (44660 lines/second)
Physical Source Lines of Code (SLOC) = 18759
Hits@level = [0]   1 [1]  10 [2]  24 [3]   1 [4]   0 [5]   2
Hits@level+ = [0+]  38 [1+]  37 [2+]  27 [3+]   3 [4+]   2 [5+]   2
Hits/KSLOC@level+ = [0+] 2.02569 [1+] 1.97239 [2+] 1.43931 [3+] 0.159923 [4+] 0.106615 [5+] 0.106615
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.