Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gedit-3.38.0/gedit/gedit-app-activatable.c
Examining data/gedit-3.38.0/gedit/gedit-app-activatable.h
Examining data/gedit-3.38.0/gedit/gedit-app-osx.h
Examining data/gedit-3.38.0/gedit/gedit-app-private.h
Examining data/gedit-3.38.0/gedit/gedit-app-win32.c
Examining data/gedit-3.38.0/gedit/gedit-app-win32.h
Examining data/gedit-3.38.0/gedit/gedit-app.c
Examining data/gedit-3.38.0/gedit/gedit-app.h
Examining data/gedit-3.38.0/gedit/gedit-close-confirmation-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-close-confirmation-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-commands-documents.c
Examining data/gedit-3.38.0/gedit/gedit-commands-edit.c
Examining data/gedit-3.38.0/gedit/gedit-commands-file-print.c
Examining data/gedit-3.38.0/gedit/gedit-commands-file.c
Examining data/gedit-3.38.0/gedit/gedit-commands-help.c
Examining data/gedit-3.38.0/gedit/gedit-commands-private.h
Examining data/gedit-3.38.0/gedit/gedit-commands-search.c
Examining data/gedit-3.38.0/gedit/gedit-commands-view.c
Examining data/gedit-3.38.0/gedit/gedit-commands.h
Examining data/gedit-3.38.0/gedit/gedit-debug.c
Examining data/gedit-3.38.0/gedit/gedit-debug.h
Examining data/gedit-3.38.0/gedit/gedit-document-private.h
Examining data/gedit-3.38.0/gedit/gedit-document.c
Examining data/gedit-3.38.0/gedit/gedit-document.h
Examining data/gedit-3.38.0/gedit/gedit-documents-panel.c
Examining data/gedit-3.38.0/gedit/gedit-documents-panel.h
Examining data/gedit-3.38.0/gedit/gedit-encoding-items.c
Examining data/gedit-3.38.0/gedit/gedit-encoding-items.h
Examining data/gedit-3.38.0/gedit/gedit-encodings-combo-box.c
Examining data/gedit-3.38.0/gedit/gedit-encodings-combo-box.h
Examining data/gedit-3.38.0/gedit/gedit-encodings-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-encodings-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-factory.c
Examining data/gedit-3.38.0/gedit/gedit-factory.h
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-dialog-gtk.c
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-dialog-gtk.h
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-open-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-open-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-open-native.c
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-open-native.h
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-open.c
Examining data/gedit-3.38.0/gedit/gedit-file-chooser-open.h
Examining data/gedit-3.38.0/gedit/gedit-file-chooser.c
Examining data/gedit-3.38.0/gedit/gedit-file-chooser.h
Examining data/gedit-3.38.0/gedit/gedit-highlight-mode-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-highlight-mode-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-highlight-mode-selector.c
Examining data/gedit-3.38.0/gedit/gedit-highlight-mode-selector.h
Examining data/gedit-3.38.0/gedit/gedit-history-entry.c
Examining data/gedit-3.38.0/gedit/gedit-history-entry.h
Examining data/gedit-3.38.0/gedit/gedit-io-error-info-bar.c
Examining data/gedit-3.38.0/gedit/gedit-io-error-info-bar.h
Examining data/gedit-3.38.0/gedit/gedit-menu-extension.c
Examining data/gedit-3.38.0/gedit/gedit-menu-extension.h
Examining data/gedit-3.38.0/gedit/gedit-menu-stack-switcher.c
Examining data/gedit-3.38.0/gedit/gedit-menu-stack-switcher.h
Examining data/gedit-3.38.0/gedit/gedit-message-bus.c
Examining data/gedit-3.38.0/gedit/gedit-message-bus.h
Examining data/gedit-3.38.0/gedit/gedit-message.c
Examining data/gedit-3.38.0/gedit/gedit-message.h
Examining data/gedit-3.38.0/gedit/gedit-multi-notebook.c
Examining data/gedit-3.38.0/gedit/gedit-multi-notebook.h
Examining data/gedit-3.38.0/gedit/gedit-notebook-popup-menu.c
Examining data/gedit-3.38.0/gedit/gedit-notebook-popup-menu.h
Examining data/gedit-3.38.0/gedit/gedit-notebook-stack-switcher.c
Examining data/gedit-3.38.0/gedit/gedit-notebook-stack-switcher.h
Examining data/gedit-3.38.0/gedit/gedit-notebook.c
Examining data/gedit-3.38.0/gedit/gedit-notebook.h
Examining data/gedit-3.38.0/gedit/gedit-pango.c
Examining data/gedit-3.38.0/gedit/gedit-pango.h
Examining data/gedit-3.38.0/gedit/gedit-plugins-engine.h
Examining data/gedit-3.38.0/gedit/gedit-preferences-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-preferences-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-print-job.c
Examining data/gedit-3.38.0/gedit/gedit-print-job.h
Examining data/gedit-3.38.0/gedit/gedit-print-preview.c
Examining data/gedit-3.38.0/gedit/gedit-print-preview.h
Examining data/gedit-3.38.0/gedit/gedit-progress-info-bar.c
Examining data/gedit-3.38.0/gedit/gedit-progress-info-bar.h
Examining data/gedit-3.38.0/gedit/gedit-recent.c
Examining data/gedit-3.38.0/gedit/gedit-recent.h
Examining data/gedit-3.38.0/gedit/gedit-replace-dialog.c
Examining data/gedit-3.38.0/gedit/gedit-replace-dialog.h
Examining data/gedit-3.38.0/gedit/gedit-settings.c
Examining data/gedit-3.38.0/gedit/gedit-settings.h
Examining data/gedit-3.38.0/gedit/gedit-status-menu-button.c
Examining data/gedit-3.38.0/gedit/gedit-status-menu-button.h
Examining data/gedit-3.38.0/gedit/gedit-statusbar.c
Examining data/gedit-3.38.0/gedit/gedit-statusbar.h
Examining data/gedit-3.38.0/gedit/gedit-tab-label.c
Examining data/gedit-3.38.0/gedit/gedit-tab-label.h
Examining data/gedit-3.38.0/gedit/gedit-tab-private.h
Examining data/gedit-3.38.0/gedit/gedit-tab.c
Examining data/gedit-3.38.0/gedit/gedit-tab.h
Examining data/gedit-3.38.0/gedit/gedit-utils.c
Examining data/gedit-3.38.0/gedit/gedit-utils.h
Examining data/gedit-3.38.0/gedit/gedit-view-activatable.c
Examining data/gedit-3.38.0/gedit/gedit-view-activatable.h
Examining data/gedit-3.38.0/gedit/gedit-view-frame.c
Examining data/gedit-3.38.0/gedit/gedit-view-frame.h
Examining data/gedit-3.38.0/gedit/gedit-view.c
Examining data/gedit-3.38.0/gedit/gedit-view.h
Examining data/gedit-3.38.0/gedit/gedit-window-activatable.c
Examining data/gedit-3.38.0/gedit/gedit-window-activatable.h
Examining data/gedit-3.38.0/gedit/gedit-window-private.h
Examining data/gedit-3.38.0/gedit/gedit-window.c
Examining data/gedit-3.38.0/gedit/gedit-window.h
Examining data/gedit-3.38.0/gedit/gedit.c
Examining data/gedit-3.38.0/gedit/gedit-dirs.c
Examining data/gedit-3.38.0/gedit/gedit-dirs.h
Examining data/gedit-3.38.0/gedit/gedit-plugins-engine.c
Examining data/gedit-3.38.0/plugins/docinfo/gedit-docinfo-plugin.c
Examining data/gedit-3.38.0/plugins/docinfo/gedit-docinfo-plugin.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-bookmarks-store.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-bookmarks-store.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-error.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-messages.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-messages.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-plugin.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-plugin.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-store.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-store.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-utils.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-utils.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-view.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-view.h
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-widget.c
Examining data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-widget.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-activation.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-activation.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-add-filter.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-add-filter.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-extend-context-menu.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-extend-context-menu.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-get-root.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-get-root.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-get-view.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-get-view.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-id-location.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-id-location.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-id.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-id.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-set-emblem.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-set-emblem.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-set-markup.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-set-markup.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-set-root.c
Examining data/gedit-3.38.0/plugins/filebrowser/messages/gedit-file-browser-message-set-root.h
Examining data/gedit-3.38.0/plugins/filebrowser/messages/messages.h
Examining data/gedit-3.38.0/plugins/modelines/gedit-modeline-plugin.c
Examining data/gedit-3.38.0/plugins/modelines/gedit-modeline-plugin.h
Examining data/gedit-3.38.0/plugins/modelines/modeline-parser.c
Examining data/gedit-3.38.0/plugins/modelines/modeline-parser.h
Examining data/gedit-3.38.0/plugins/quickhighlight/gedit-quick-highlight-plugin.c
Examining data/gedit-3.38.0/plugins/quickhighlight/gedit-quick-highlight-plugin.h
Examining data/gedit-3.38.0/plugins/sort/gedit-sort-plugin.c
Examining data/gedit-3.38.0/plugins/sort/gedit-sort-plugin.h
Examining data/gedit-3.38.0/plugins/spell/gedit-spell-app-activatable.c
Examining data/gedit-3.38.0/plugins/spell/gedit-spell-app-activatable.h
Examining data/gedit-3.38.0/plugins/spell/gedit-spell-plugin.c
Examining data/gedit-3.38.0/plugins/spell/gedit-spell-plugin.h
Examining data/gedit-3.38.0/plugins/time/gedit-time-plugin.c
Examining data/gedit-3.38.0/plugins/time/gedit-time-plugin.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-icon-utils.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-icon-utils.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box-child.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box-child.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box-generic.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box-generic.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box-item.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box-item.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-box.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-box-child.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-box-child.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-box-icon.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-box-icon.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-box.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-box.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-view.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-icon-view.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-list-view.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-list-view.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-view-generic.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-view-generic.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-view.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-view.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-margin-container.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-margin-container.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-notification.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-notification.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-styled-text-renderer.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-styled-text-renderer.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-tagged-entry.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-tagged-entry.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-toggle-pixbuf-renderer.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-toggle-pixbuf-renderer.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-two-lines-renderer.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-two-lines-renderer.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-types-catalog.c
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd-types-catalog.h
Examining data/gedit-3.38.0/subprojects/libgd/libgd/gd.h
Examining data/gedit-3.38.0/subprojects/libgd/test-tagged-entry-2.c
Examining data/gedit-3.38.0/subprojects/libgd/test-tagged-entry.c

FINAL RESULTS:

data/gedit-3.38.0/gedit/gedit-commands-file.c:841:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  default_folder = g_file_new_for_path (g_get_home_dir ());

data/gedit-3.38.0/gedit/gedit-utils.c:580:24:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tempdir = g_strdup (g_get_tmp_dir ());

data/gedit-3.38.0/plugins/filebrowser/gedit-file-bookmarks-store.c:192:22:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gchar const *path = g_get_home_dir ();

data/gedit-3.38.0/plugins/filebrowser/gedit-file-bookmarks-store.c:477:27:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_build_filename (g_get_home_dir (), ".gtk-bookmarks", NULL);

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-widget.c:2563:40:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  location = g_strdup_printf ("%s/%s", g_get_home_dir (), tmp + strlen ("~/"));

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-widget.c:2918:39:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home_location = g_file_new_for_path (g_get_home_dir ());

data/gedit-3.38.0/gedit/gedit-app.c:798:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *line = atoi (split[0]);

data/gedit-3.38.0/gedit/gedit-app.c:803:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *column = atoi (split[1]);

data/gedit-3.38.0/gedit/gedit-print-preview.c:394:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  page = CLAMP (atoi (text), 1, n_pages) - 1;

data/gedit-3.38.0/gedit/gedit-print-preview.c:430:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  page = atoi (text) - 1;

data/gedit-3.38.0/gedit/gedit-tab.c:1650:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset = pos != NULL ? atoi (pos) : 0;

data/gedit-3.38.0/gedit/gedit-view-frame.c:1091:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset_line = MAX (atoi (text + 1), 0);

data/gedit-3.38.0/gedit/gedit-view-frame.c:1102:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  offset_line = MAX (atoi (text + 1), 0);

data/gedit-3.38.0/gedit/gedit-view-frame.c:1109:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  line = MAX (atoi (text) - 1, 0);

data/gedit-3.38.0/gedit/gedit-view-frame.c:1114:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  line_offset = atoi (split_text[1]);

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-plugin.c:828:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  gboolean open;

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-plugin.c:834:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (open)

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:309:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:320:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:337:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:420:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:432:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:520:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:530:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/plugins/modelines/modeline-parser.c:554:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  intval = atoi (value->str);

data/gedit-3.38.0/gedit/gedit-document.c:884:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (data),

data/gedit-3.38.0/gedit/gedit-documents-panel.c:1159:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (full_name));

data/gedit-3.38.0/gedit/gedit-highlight-mode-selector.c:335:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal)

data/gedit-3.38.0/gedit/gedit-utils.c:151:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (str) == 1) && (*str == '.'))

data/gedit-3.38.0/gedit/gedit-utils.c:594:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (uri));

data/gedit-3.38.0/plugins/docinfo/gedit-docinfo-plugin.c:108:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *bytes = strlen (text);

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-store.c:1028:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gssize name_length = strlen (node->name);

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-store.c:3023:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal && virtual_root == NULL)

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-store.c:3029:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal && g_file_equal (virtual_root, model->priv->virtual_root->file))

data/gedit-3.38.0/plugins/filebrowser/gedit-file-browser-widget.c:2563:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  location = g_strdup_printf ("%s/%s", g_get_home_dir (), tmp + strlen ("~/"));

data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-view.c:329:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  gboolean equal;

data/gedit-3.38.0/subprojects/libgd/libgd/gd-main-view.c:355:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal)

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 69546 in approximately 1.25 seconds (55584 lines/second)
Physical Source Lines of Code (SLOC) = 49059
Hits@level = [0] 0 [1] 12 [2] 19 [3] 6 [4] 0 [5] 0
Hits@level+ = [0+] 37 [1+] 37 [2+] 25 [3+] 6 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.754194 [1+] 0.754194 [2+] 0.50959 [3+] 0.122302 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.