Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gkrellshoot-0.4.4/gkrellshoot.c

FINAL RESULTS:

data/gkrellshoot-0.4.4/gkrellshoot.c:1292:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy( anim_select[chart_index], anim_name[current_anim[chart_index]] );
data/gkrellshoot-0.4.4/gkrellshoot.c:1378:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   else { sprintf( tmp_scmd, "%s", " " ); }
data/gkrellshoot-0.4.4/gkrellshoot.c:1380:24:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   if ( with_frame ) { sprintf( tmp_fcmd, " %s ", "-frame" ); }
data/gkrellshoot-0.4.4/gkrellshoot.c:1381:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   else { sprintf( tmp_fcmd, "%s", " " ); }
data/gkrellshoot-0.4.4/gkrellshoot.c:1385:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf( tmp_gcmd, " %s ", "-colorspace GRAY -depth 8" ); 
data/gkrellshoot-0.4.4/gkrellshoot.c:1387:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   else { sprintf( tmp_gcmd, "%s", " " ); }
data/gkrellshoot-0.4.4/gkrellshoot.c:1391:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf( tmp_wcmd,"%s %s %s %s ",  SHOOT_WINDOW, tmp_fcmd, tmp_gcmd, filename );
data/gkrellshoot-0.4.4/gkrellshoot.c:1395:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf( tmp_wcmd,"%s %s %s %s ",  SHOOT_SCREEN, tmp_fcmd, tmp_gcmd, filename );
data/gkrellshoot-0.4.4/gkrellshoot.c:1400:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf( tmp_vcmd," && %s %s ",  view_cmd, filename );
data/gkrellshoot-0.4.4/gkrellshoot.c:1407:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( shoot_cmd,"%s %s %s &",  tmp_scmd, tmp_wcmd, tmp_vcmd );
data/gkrellshoot-0.4.4/gkrellshoot.c:1423:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s", 
data/gkrellshoot-0.4.4/gkrellshoot.c:1428:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s", 
data/gkrellshoot-0.4.4/gkrellshoot.c:1433:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s", 
data/gkrellshoot-0.4.4/gkrellshoot.c:1438:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s", 
data/gkrellshoot-0.4.4/gkrellshoot.c:1443:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s", 
data/gkrellshoot-0.4.4/gkrellshoot.c:1448:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s", 
data/gkrellshoot-0.4.4/gkrellshoot.c:1459:6:  [4] (shell) system:
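  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Reviewer note: shoot_cmd is assembled by the sprintf calls
  reported at lines 1391-1407 from view_cmd and filename with no quoting, and
  view_cmd appears to be copied from parsed configuration input (line 1741),
  so review this call together with those hits.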
     system ( shoot_cmd );
data/gkrellshoot-0.4.4/gkrellshoot.c:1724:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    n = sscanf(arg, "%s %[^\n]", config, item);
data/gkrellshoot-0.4.4/gkrellshoot.c:1729:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(xlock_cmd, item);
data/gkrellshoot-0.4.4/gkrellshoot.c:1741:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(view_cmd, item);
data/gkrellshoot-0.4.4/gkrellshoot.c:1745:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(image_format, item);
data/gkrellshoot-0.4.4/gkrellshoot.c:1753:46:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	        if ( valid_anim_type( item, i ) ) { strcpy(anim_select[i], item); }
data/gkrellshoot-0.4.4/gkrellshoot.c:1765:48:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        if (strcmp(config, "save_dir") == 0) {	strcpy(save_dir, item); }    
data/gkrellshoot-0.4.4/gkrellshoot.c:1767:49:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        if (strcmp(config, "ff_select") == 0) {	strcpy(ff_select, item); }    
data/gkrellshoot-0.4.4/gkrellshoot.c:1800:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy( anim_select[i], c );
data/gkrellshoot-0.4.4/gkrellshoot.c:1810:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy( xlock_cmd, c_text );
data/gkrellshoot-0.4.4/gkrellshoot.c:1815:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( view_cmd, c_text );    
data/gkrellshoot-0.4.4/gkrellshoot.c:1820:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( image_format, c_text );    
data/gkrellshoot-0.4.4/gkrellshoot.c:1831:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  	  strcpy( save_dir, c_text );
data/gkrellshoot-0.4.4/gkrellshoot.c:1836:35:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
     if (strcmp(ff_select, c) ) { strcpy( ff_select, c ); } 
data/gkrellshoot-0.4.4/gkrellshoot.c:2260:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
     sprintf( anim_select[i],"%s",  anim_name[current_anim[i]] );
data/gkrellshoot-0.4.4/gkrellshoot.c:2265:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( xlock_cmd,"%s",  DEFAULT_XLOCK );
data/gkrellshoot-0.4.4/gkrellshoot.c:2266:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( view_cmd,"%s",  DEFAULT_VIEW );
data/gkrellshoot-0.4.4/gkrellshoot.c:2267:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( image_format,"%s",  DEFAULT_IMAGE );
data/gkrellshoot-0.4.4/gkrellshoot.c:2270:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( save_dir,"%s", gkrellm_homedir() );
data/gkrellshoot-0.4.4/gkrellshoot.c:2272:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( filename, "%s/%s", save_dir, DEFAULT_OUTFILE );
data/gkrellshoot-0.4.4/gkrellshoot.c:2274:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
   sprintf( ff_select,"%s",  MMDDYY );
data/gkrellshoot-0.4.4/gkrellshoot.c:1376:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
     sprintf( tmp_scmd, "sleep %d &&", wait_seconds );
data/gkrellshoot-0.4.4/gkrellshoot.c:1417:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( image_format, "jpg" );
data/gkrellshoot-0.4.4/gkrellshoot.c:1750:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		  sprintf( tmp_buf, "anim_select%d",i);
data/gkrellshoot-0.4.4/gkrellshoot.c:1755:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		  sprintf( tmp_buf, "cycle_anim%d",i);
data/gkrellshoot-0.4.4/gkrellshoot.c:1404:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
     strcpy( tmp_vcmd, " " );	   
data/gkrellshoot-0.4.4/gkrellshoot.c:1415:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( image_format ) == 0 )

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 2303 in approximately 0.09 seconds (27084 lines/second)
Physical Source Lines of Code (SLOC) = 1787
Hits@level = [0]  22 [1]   2 [2]   4 [3]   0 [4]  37 [5]   0
Hits@level+ = [0+]  65 [1+]  43 [2+]  41 [3+]  37 [4+]  37 [5+]   0
Hits/KSLOC@level+ = [0+] 36.3738 [1+] 24.0627 [2+] 22.9435 [3+] 20.7051 [4+] 20.7051 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
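Not every hit is necessarily a security vulnerability.
Reviewer note: the sprintf hits at lines 1378-1387 write fixed string
literals, while the sscanf hit at line 1724 and the strcpy hits at lines
1729-1767 copy parsed input with no length limit; triage those first.
There may be other security vulnerabilities; review your code!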
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.