Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gconf-editor-3.0.1/src/gconf-search.c
Examining data/gconf-editor-3.0.1/src/gconf-util.c
Examining data/gconf-editor-3.0.1/src/gconf-marshal.h
Examining data/gconf-editor-3.0.1/src/gconf-tree-model.h
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks.h
Examining data/gconf-editor-3.0.1/src/gconf-policykit.h
Examining data/gconf-editor-3.0.1/src/gconf-editor-application.h
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks.c
Examining data/gconf-editor-3.0.1/src/gconf-key-editor.h
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks-dialog.h
Examining data/gconf-editor-3.0.1/src/gconf-editor-application.c
Examining data/gconf-editor-3.0.1/src/gconf-bookmarks-dialog.c
Examining data/gconf-editor-3.0.1/src/gconf-cell-renderer.h
Examining data/gconf-editor-3.0.1/src/gconf-policykit.c
Examining data/gconf-editor-3.0.1/src/gconf-marshal.c
Examining data/gconf-editor-3.0.1/src/gconf-util.h
Examining data/gconf-editor-3.0.1/src/gconf-editor-window.c
Examining data/gconf-editor-3.0.1/src/gconf-cell-renderer.c
Examining data/gconf-editor-3.0.1/src/gconf-tree-model.c
Examining data/gconf-editor-3.0.1/src/gconf-search.h
Examining data/gconf-editor-3.0.1/src/gconf-stock-icons.c
Examining data/gconf-editor-3.0.1/src/gconf-stock-icons.h
Examining data/gconf-editor-3.0.1/src/gedit-output-window.c
Examining data/gconf-editor-3.0.1/src/main.c
Examining data/gconf-editor-3.0.1/src/gconf-search-dialog.h
Examining data/gconf-editor-3.0.1/src/gconf-list-model.h
Examining data/gconf-editor-3.0.1/src/gconf-key-editor.c
Examining data/gconf-editor-3.0.1/src/gconf-search-dialog.c
Examining data/gconf-editor-3.0.1/src/gconf-editor-window.h
Examining data/gconf-editor-3.0.1/src/gedit-output-window.h
Examining data/gconf-editor-3.0.1/src/gconf-list-model.c

FINAL RESULTS:

data/gconf-editor-3.0.1/src/gconf-list-model.c:419:17:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	model->stamp = g_random_int ();
data/gconf-editor-3.0.1/src/main.c:32:27:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	return g_build_filename (g_get_home_dir (), ".gnome2", "accels", PACKAGE, NULL);
data/gconf-editor-3.0.1/src/gconf-editor-window.c:137:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!key || strlen (key) < 2)
data/gconf-editor-3.0.1/src/gconf-editor-window.c:891:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen (name) > 0) {
data/gconf-editor-3.0.1/src/gconf-editor-window.c:1064:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	end = text + strlen (text);
data/gconf-editor-3.0.1/src/gconf-key-editor.c:1009:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (key_path[strlen(key_path) - 1] != '/') {
data/gconf-editor-3.0.1/src/gconf-list-model.c:68:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp (key, list_model->root_path, strlen (list_model->root_path)) != 0)
data/gconf-editor-3.0.1/src/gconf-tree-model.c:62:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen (key) == 1 && key[0] == '/')
data/gconf-editor-3.0.1/src/gconf-tree-model.c:125:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = node->path + strlen (node->path);
data/gconf-editor-3.0.1/src/gconf-tree-model.c:282:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			ptr = node->path + strlen (node->path);
data/gconf-editor-3.0.1/src/gconf-util.c:51:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = path + strlen (path);

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 7395 in approximately 0.19 seconds (38429 lines/second)
Physical Source Lines of Code (SLOC) = 5307
Hits@level = [0]   0 [1]   9 [2]   0 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+]  11 [1+]  11 [2+]   2 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.07273 [1+] 2.07273 [2+] 0.376861 [3+] 0.376861 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.