Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-editable-toolbar.c
Examining data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-editable-toolbar.h
Examining data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-toolbar-editor.c
Examining data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-toolbar-editor.h
Examining data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-toolbars-model.c
Examining data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-toolbars-model.h
Examining data/eom-1.24.1/jpegutils/jpegint-8a.h
Examining data/eom-1.24.1/jpegutils/jpegint.h
Examining data/eom-1.24.1/jpegutils/transupp-6b.c
Examining data/eom-1.24.1/jpegutils/transupp-6b.h
Examining data/eom-1.24.1/jpegutils/transupp-8a.c
Examining data/eom-1.24.1/jpegutils/transupp-8a.h
Examining data/eom-1.24.1/jpegutils/transupp.h
Examining data/eom-1.24.1/plugins/fullscreen/eom-fullscreen-plugin.c
Examining data/eom-1.24.1/plugins/fullscreen/eom-fullscreen-plugin.h
Examining data/eom-1.24.1/plugins/reload/eom-reload-plugin.c
Examining data/eom-1.24.1/plugins/reload/eom-reload-plugin.h
Examining data/eom-1.24.1/plugins/statusbar-date/eom-statusbar-date-plugin.c
Examining data/eom-1.24.1/plugins/statusbar-date/eom-statusbar-date-plugin.h
Examining data/eom-1.24.1/src/eom-application-activatable.c
Examining data/eom-1.24.1/src/eom-application-activatable.h
Examining data/eom-1.24.1/src/eom-application-internal.h
Examining data/eom-1.24.1/src/eom-application.c
Examining data/eom-1.24.1/src/eom-application.h
Examining data/eom-1.24.1/src/eom-clipboard-handler.c
Examining data/eom-1.24.1/src/eom-clipboard-handler.h
Examining data/eom-1.24.1/src/eom-close-confirmation-dialog.c
Examining data/eom-1.24.1/src/eom-close-confirmation-dialog.h
Examining data/eom-1.24.1/src/eom-config-keys.h
Examining data/eom-1.24.1/src/eom-debug.c
Examining data/eom-1.24.1/src/eom-debug.h
Examining data/eom-1.24.1/src/eom-enums.h
Examining data/eom-1.24.1/src/eom-error-message-area.c
Examining data/eom-1.24.1/src/eom-error-message-area.h
Examining data/eom-1.24.1/src/eom-exif-util.c
Examining data/eom-1.24.1/src/eom-exif-util.h
Examining data/eom-1.24.1/src/eom-file-chooser.c
Examining data/eom-1.24.1/src/eom-file-chooser.h
Examining data/eom-1.24.1/src/eom-image-jpeg.c
Examining data/eom-1.24.1/src/eom-image-jpeg.h
Examining data/eom-1.24.1/src/eom-image-private.h
Examining data/eom-1.24.1/src/eom-image-save-info.c
Examining data/eom-1.24.1/src/eom-image-save-info.h
Examining data/eom-1.24.1/src/eom-image.c
Examining data/eom-1.24.1/src/eom-image.h
Examining data/eom-1.24.1/src/eom-job-queue.c
Examining data/eom-1.24.1/src/eom-job-queue.h
Examining data/eom-1.24.1/src/eom-jobs.c
Examining data/eom-1.24.1/src/eom-jobs.h
Examining data/eom-1.24.1/src/eom-list-store.c
Examining data/eom-1.24.1/src/eom-list-store.h
Examining data/eom-1.24.1/src/eom-metadata-details.c
Examining data/eom-1.24.1/src/eom-metadata-details.h
Examining data/eom-1.24.1/src/eom-metadata-reader-jpg.c
Examining data/eom-1.24.1/src/eom-metadata-reader-jpg.h
Examining data/eom-1.24.1/src/eom-metadata-reader-png.c
Examining data/eom-1.24.1/src/eom-metadata-reader-png.h
Examining data/eom-1.24.1/src/eom-metadata-reader.c
Examining data/eom-1.24.1/src/eom-metadata-reader.h
Examining data/eom-1.24.1/src/eom-metadata-sidebar.c
Examining data/eom-1.24.1/src/eom-metadata-sidebar.h
Examining data/eom-1.24.1/src/eom-pixbuf-util.c
Examining data/eom-1.24.1/src/eom-pixbuf-util.h
Examining data/eom-1.24.1/src/eom-plugin-engine.c
Examining data/eom-1.24.1/src/eom-plugin-engine.h
Examining data/eom-1.24.1/src/eom-preferences-dialog.c
Examining data/eom-1.24.1/src/eom-preferences-dialog.h
Examining data/eom-1.24.1/src/eom-print-image-setup.c
Examining data/eom-1.24.1/src/eom-print-image-setup.h
Examining data/eom-1.24.1/src/eom-print-preview.c
Examining data/eom-1.24.1/src/eom-print-preview.h
Examining data/eom-1.24.1/src/eom-print.c
Examining data/eom-1.24.1/src/eom-print.h
Examining data/eom-1.24.1/src/eom-properties-dialog.c
Examining data/eom-1.24.1/src/eom-properties-dialog.h
Examining data/eom-1.24.1/src/eom-save-as-dialog-helper.c
Examining data/eom-1.24.1/src/eom-save-as-dialog-helper.h
Examining data/eom-1.24.1/src/eom-scroll-view.c
Examining data/eom-1.24.1/src/eom-scroll-view.h
Examining data/eom-1.24.1/src/eom-session.c
Examining data/eom-1.24.1/src/eom-session.h
Examining data/eom-1.24.1/src/eom-sidebar.c
Examining data/eom-1.24.1/src/eom-sidebar.h
Examining data/eom-1.24.1/src/eom-statusbar.c
Examining data/eom-1.24.1/src/eom-statusbar.h
Examining data/eom-1.24.1/src/eom-thumb-nav.c
Examining data/eom-1.24.1/src/eom-thumb-nav.h
Examining data/eom-1.24.1/src/eom-thumb-view.c
Examining data/eom-1.24.1/src/eom-thumb-view.h
Examining data/eom-1.24.1/src/eom-thumbnail.c
Examining data/eom-1.24.1/src/eom-thumbnail.h
Examining data/eom-1.24.1/src/eom-transform.c
Examining data/eom-1.24.1/src/eom-transform.h
Examining data/eom-1.24.1/src/eom-uri-converter.c
Examining data/eom-1.24.1/src/eom-uri-converter.h
Examining data/eom-1.24.1/src/eom-util.c
Examining data/eom-1.24.1/src/eom-util.h
Examining data/eom-1.24.1/src/eom-window-activatable.c
Examining data/eom-1.24.1/src/eom-window-activatable.h
Examining data/eom-1.24.1/src/eom-window.c
Examining data/eom-1.24.1/src/eom-window.h
Examining data/eom-1.24.1/src/main.c
Examining data/eom-1.24.1/src/zoom.c
Examining data/eom-1.24.1/src/zoom.h
Examining data/eom-1.24.1/thumbnailer/eom-thumbnailer.c

FINAL RESULTS:

data/eom-1.24.1/src/eom-image.c:1445:36:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	tmp_file_path = g_build_filename (g_get_tmp_dir (), "eom-save-XXXXXX", NULL);
data/eom-1.24.1/src/eom-thumb-view.c:980:43:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			path = gtk_tree_path_new_from_indices (g_random_int_range (0, n_items), -1);
data/eom-1.24.1/src/eom-thumb-view.c:1018:43:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			path = gtk_tree_path_new_from_indices (g_random_int_range (0, n_items), -1);
data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-editable-toolbar.c:865:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char action_name[40];
data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-editable-toolbar.c:949:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(action_name, "ToolbarToggle%d", i);
data/eom-1.24.1/src/eom-file-chooser.c:267:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			bytes = atoi (bytes_str);
data/eom-1.24.1/src/eom-file-chooser.c:279:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			pixels = atoi (height);
data/eom-1.24.1/src/eom-image-jpeg.c:81:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[JMSG_LENGTH_MAX];
data/eom-1.24.1/src/eom-image-jpeg.c:233:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	input_file = fopen (infile_uri, "rb");
data/eom-1.24.1/src/eom-image-jpeg.c:242:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	output_file = fopen (file, "wb");
data/eom-1.24.1/src/eom-image-jpeg.c:379:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	outfile = fopen (file, "wb");
data/eom-1.24.1/src/eom-image-jpeg.c:460:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy (&(buf[j*3]), &(ptr[i*rowstride + j*(rowstride/w)]), 3);
data/eom-1.24.1/src/eom-image.c:1579:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		      GFile *tmpfile,
data/eom-1.24.1/src/eom-image.c:1588:36:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	tmp_file_restore_unix_attributes (tmpfile, file);
data/eom-1.24.1/src/eom-image.c:1591:24:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	result = g_file_move (tmpfile,
data/eom-1.24.1/src/eom-image.c:1618:25:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
tmp_file_delete (GFile *tmpfile)
data/eom-1.24.1/src/eom-image.c:1625:26:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	result = g_file_delete (tmpfile, NULL, &err);
data/eom-1.24.1/src/eom-image.c:1635:35:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
		tmpfile_path = g_file_get_path (tmpfile);
data/eom-1.24.1/src/eom-metadata-details.c:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b[1024];
data/eom-1.24.1/src/eom-metadata-reader-jpg.c:190:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], priv->size);
data/eom-1.24.1/src/eom-metadata-reader-jpg.c:195:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], chunk_len);
data/eom-1.24.1/src/eom-metadata-reader-png.c:172:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], priv->size);
data/eom-1.24.1/src/eom-metadata-reader-png.c:178:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy ((guchar*) (chunk) + priv->bytes_read, &buf[*i], chunk_len);
data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-editable-toolbar.c:281:121:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      gtk_selection_data_set (selection_data, gtk_selection_data_get_target (selection_data), 8, (unsigned char *)data, strlen (data));
data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-toolbar-editor.c:327:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			  (const guchar *) target, strlen (target));
data/eom-1.24.1/cut-n-paste/toolbar-editor/egg-toolbar-editor.c:337:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = result = g_malloc (strlen (original) + 1);
data/eom-1.24.1/src/eom-exif-util.c:118:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (p == date + strlen (date)) {
data/eom-1.24.1/src/eom-pixbuf-util.c:81:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen (extensions[i]) <= 3) {
data/eom-1.24.1/src/eom-pixbuf-util.c:110:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen (suffix_start) - 1;
data/eom-1.24.1/src/eom-save-as-dialog-helper.c:112:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	enable_save = (strlen (gtk_entry_get_text (GTK_ENTRY (data->token_entry))) > 0);
data/eom-1.24.1/src/eom-uri-converter.c:577:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen (basename) - len - 1;
data/eom-1.24.1/src/eom-util.c:91:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	remaining_bytes = strlen (str);

ANALYSIS SUMMARY:

Hits = 32
Lines analyzed = 40123 in approximately 1.02 seconds (39279 lines/second)
Physical Source Lines of Code (SLOC) = 28158
Hits@level = [0]   4 [1]   9 [2]  20 [3]   3 [4]   0 [5]   0
Hits@level+ = [0+]  36 [1+]  32 [2+]  23 [3+]   3 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.2785 [1+] 1.13644 [2+] 0.816819 [3+] 0.106542 [4+]   0 [5+]   0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.