Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gkrellshoot-0.4.4/gkrellshoot.c

FINAL RESULTS:

data/gkrellshoot-0.4.4/gkrellshoot.c:1292:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( anim_select[chart_index], anim_name[current_anim[chart_index]] );

data/gkrellshoot-0.4.4/gkrellshoot.c:1378:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    else { sprintf( tmp_scmd, "%s", " " ); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1380:24:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    if ( with_frame ) { sprintf( tmp_fcmd, " %s ", "-frame" ); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1381:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    else { sprintf( tmp_fcmd, "%s", " " ); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1385:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( tmp_gcmd, " %s ", "-colorspace GRAY -depth 8" );

data/gkrellshoot-0.4.4/gkrellshoot.c:1387:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    else { sprintf( tmp_gcmd, "%s", " " ); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1391:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( tmp_wcmd,"%s %s %s %s ", SHOOT_WINDOW, tmp_fcmd, tmp_gcmd, filename );

data/gkrellshoot-0.4.4/gkrellshoot.c:1395:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( tmp_wcmd,"%s %s %s %s ", SHOOT_SCREEN, tmp_fcmd, tmp_gcmd, filename );

data/gkrellshoot-0.4.4/gkrellshoot.c:1400:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( tmp_vcmd," && %s %s ", view_cmd, filename );

data/gkrellshoot-0.4.4/gkrellshoot.c:1407:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( shoot_cmd,"%s %s %s &", tmp_scmd, tmp_wcmd, tmp_vcmd );

data/gkrellshoot-0.4.4/gkrellshoot.c:1423:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s",

data/gkrellshoot-0.4.4/gkrellshoot.c:1428:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s",

data/gkrellshoot-0.4.4/gkrellshoot.c:1433:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s",

data/gkrellshoot-0.4.4/gkrellshoot.c:1438:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s",

data/gkrellshoot-0.4.4/gkrellshoot.c:1443:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s",

data/gkrellshoot-0.4.4/gkrellshoot.c:1448:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/gkrellShoot_%02d-%02d-%02d_%02d%02d%02d.%s",

data/gkrellshoot-0.4.4/gkrellshoot.c:1459:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system ( shoot_cmd );

data/gkrellshoot-0.4.4/gkrellshoot.c:1724:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    n = sscanf(arg, "%s %[^\n]", config, item);

data/gkrellshoot-0.4.4/gkrellshoot.c:1729:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(xlock_cmd, item);

data/gkrellshoot-0.4.4/gkrellshoot.c:1741:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(view_cmd, item);

data/gkrellshoot-0.4.4/gkrellshoot.c:1745:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(image_format, item);

data/gkrellshoot-0.4.4/gkrellshoot.c:1753:46:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    if ( valid_anim_type( item, i ) ) { strcpy(anim_select[i], item); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1765:48:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    if (strcmp(config, "save_dir") == 0) { strcpy(save_dir, item); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1767:49:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    if (strcmp(config, "ff_select") == 0) { strcpy(ff_select, item); }

data/gkrellshoot-0.4.4/gkrellshoot.c:1800:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( anim_select[i], c );

data/gkrellshoot-0.4.4/gkrellshoot.c:1810:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( xlock_cmd, c_text );

data/gkrellshoot-0.4.4/gkrellshoot.c:1815:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( view_cmd, c_text );

data/gkrellshoot-0.4.4/gkrellshoot.c:1820:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( image_format, c_text );

data/gkrellshoot-0.4.4/gkrellshoot.c:1831:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy( save_dir, c_text );

data/gkrellshoot-0.4.4/gkrellshoot.c:1836:35:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    if (strcmp(ff_select, c) ) { strcpy( ff_select, c ); }

data/gkrellshoot-0.4.4/gkrellshoot.c:2260:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( anim_select[i],"%s", anim_name[current_anim[i]] );

data/gkrellshoot-0.4.4/gkrellshoot.c:2265:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( xlock_cmd,"%s", DEFAULT_XLOCK );

data/gkrellshoot-0.4.4/gkrellshoot.c:2266:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( view_cmd,"%s", DEFAULT_VIEW );

data/gkrellshoot-0.4.4/gkrellshoot.c:2267:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( image_format,"%s", DEFAULT_IMAGE );

data/gkrellshoot-0.4.4/gkrellshoot.c:2270:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( save_dir,"%s", gkrellm_homedir() );

data/gkrellshoot-0.4.4/gkrellshoot.c:2272:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( filename, "%s/%s", save_dir, DEFAULT_OUTFILE );

data/gkrellshoot-0.4.4/gkrellshoot.c:2274:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( ff_select,"%s", MMDDYY );

data/gkrellshoot-0.4.4/gkrellshoot.c:1376:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( tmp_scmd, "sleep %d &&", wait_seconds );

data/gkrellshoot-0.4.4/gkrellshoot.c:1417:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( image_format, "jpg" );

data/gkrellshoot-0.4.4/gkrellshoot.c:1750:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( tmp_buf, "anim_select%d",i);

data/gkrellshoot-0.4.4/gkrellshoot.c:1755:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( tmp_buf, "cycle_anim%d",i);

data/gkrellshoot-0.4.4/gkrellshoot.c:1404:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( tmp_vcmd, " " );

data/gkrellshoot-0.4.4/gkrellshoot.c:1415:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen( image_format ) == 0 )

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 2303 in approximately 0.09 seconds (27084 lines/second)
Physical Source Lines of Code (SLOC) = 1787
Hits@level = [0]  22 [1]   2 [2]   4 [3]   0 [4]  37 [5]   0
Hits@level+ = [0+]  65 [1+]  43 [2+]  41 [3+]  37 [4+]  37 [5+]   0
Hits/KSLOC@level+ = [0+] 36.3738 [1+] 24.0627 [2+] 22.9435 [3+] 20.7051 [4+] 20.7051 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.