Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glurp-0.12.3/src/conf.h
Examining data/glurp-0.12.3/src/conf.c
Examining data/glurp-0.12.3/src/mpd-callbacks.h
Examining data/glurp-0.12.3/src/mpd-callbacks.c
Examining data/glurp-0.12.3/src/gui.h
Examining data/glurp-0.12.3/src/gui.c
Examining data/glurp-0.12.3/src/comm.h
Examining data/glurp-0.12.3/src/comm.c
Examining data/glurp-0.12.3/src/gui-callbacks.h
Examining data/glurp-0.12.3/src/gui-callbacks.c
Examining data/glurp-0.12.3/src/player.h
Examining data/glurp-0.12.3/src/player.c
Examining data/glurp-0.12.3/src/keyboard.c
Examining data/glurp-0.12.3/src/main.c
Examining data/glurp-0.12.3/src/structs.h
Examining data/glurp-0.12.3/src/support.h
Examining data/glurp-0.12.3/src/support.c
Examining data/glurp-0.12.3/src/trayicon.h
Examining data/glurp-0.12.3/src/trayicon.c
Examining data/glurp-0.12.3/src/traymenu.h
Examining data/glurp-0.12.3/src/traymenu.c

FINAL RESULTS:

data/glurp-0.12.3/src/conf.c:93:51:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  conf_path = g_strdup_printf("%s/%s", g_strdup(g_get_home_dir()), GLURP_CONFIG_FILE);
data/glurp-0.12.3/src/conf.c:220:51:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  conf_path = g_strdup_printf("%s/%s", g_strdup(g_get_home_dir()), GLURP_CONFIG_FILE);
data/glurp-0.12.3/src/main.c:70:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  if( (c = getopt_long(argc, argv, "vh", long_options, &option_index)) == -1)
data/glurp-0.12.3/src/conf.c:135:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->server_port = atoi(value);
data/glurp-0.12.3/src/conf.c:145:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->autoconnect = yesno(atoi(value));
data/glurp-0.12.3/src/conf.c:150:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->playlist_vis_on_start = yesno(atoi(value));
data/glurp-0.12.3/src/conf.c:155:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->time_display_left = yesno(atoi(value));
data/glurp-0.12.3/src/conf.c:172:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->playlist_columns[PL_POS] = yesno(atoi(value));
data/glurp-0.12.3/src/conf.c:178:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->pos_x = atoi(value);
data/glurp-0.12.3/src/conf.c:183:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->pos_y = atoi(value);
data/glurp-0.12.3/src/conf.c:188:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->width = atoi(value);
data/glurp-0.12.3/src/conf.c:193:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->height = atoi(value);
data/glurp-0.12.3/src/conf.c:198:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->save_size = yesno(atoi(value));
data/glurp-0.12.3/src/conf.c:203:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->trayicon = yesno(atoi(value));
data/glurp-0.12.3/src/conf.c:229:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if( !(f = fopen(conf_path, "w")) ) {
data/glurp-0.12.3/src/gui-callbacks.c:726:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  spos = cpos = atoi(gtk_tree_path_to_string(path));
data/glurp-0.12.3/src/gui.c:403:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  glurp->config->server_port = atoi(gtk_entry_get_text(GTK_ENTRY(w)));
data/glurp-0.12.3/src/support.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[4097];
data/glurp-0.12.3/src/support.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[129];
data/glurp-0.12.3/src/support.c:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[129-strlen(GLURP_TITLE_PREFIX)], *str2;
data/glurp-0.12.3/src/comm.c:43:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!glurp->config->server_host || !strlen(glurp->config->server_host)) {
data/glurp-0.12.3/src/comm.c:196:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( what == NULL || !strlen(what) ) return;
data/glurp-0.12.3/src/conf.c:113:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(conf_items[i] && strlen(conf_items[i])) {
data/glurp-0.12.3/src/conf.c:116:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(conf_item[0]) ) {
data/glurp-0.12.3/src/conf.c:237:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( glurp->config->server_host && strlen(glurp->config->server_host) ) {
data/glurp-0.12.3/src/conf.c:245:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( glurp->config->server_pass && strlen(glurp->config->server_pass) ) {
data/glurp-0.12.3/src/support.c:87:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char str[129-strlen(GLURP_TITLE_PREFIX)], *str2;
data/glurp-0.12.3/src/support.c:95:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!string || !strlen(str)) str2 = g_strdup_printf("%s", GLURP_TITLE_PREFIX);
data/glurp-0.12.3/src/support.c:249:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( !urls || !strlen(urls) ) {
data/glurp-0.12.3/src/support.c:289:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( s = glurp->stream_history; s; s = s->next ) h = g_strconcat(h, (strlen(h) ? " " : ""), s->url, NULL);
data/glurp-0.12.3/src/support.c:372:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0; i< strlen(buf);i++)
data/glurp-0.12.3/src/support.c:376:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=strlen(buf);buf[i] != '.';i--);

ANALYSIS SUMMARY:

Hits = 32
Lines analyzed = 5124 in approximately 0.18 seconds (29170 lines/second)
Physical Source Lines of Code (SLOC) = 3506
Hits@level = [0]   4 [1]  12 [2]  17 [3]   3 [4]   0 [5]   0
Hits@level+ = [0+]  36 [1+]  32 [2+]  20 [3+]   3 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 10.2681 [1+] 9.12721 [2+] 5.70451 [3+] 0.855676 [4+]   0 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.