Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-calendar-3.38.1/src/core/gcal-calendar-monitor.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-calendar-monitor.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-calendar.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-calendar.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-clock.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-clock.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-context.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-context.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-event.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-event.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-log.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-log.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-manager.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-manager.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-night-light-monitor.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-night-light-monitor.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-range-tree.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-range-tree.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-range.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-range.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-recurrence.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-recurrence.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-shell-search-provider.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-shell-search-provider.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-time-zone-monitor.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-time-zone-monitor.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-timeline-subscriber.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-timeline-subscriber.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-timeline.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-timer.c
Examining data/gnome-calendar-3.38.1/src/core/gcal-timer.h
Examining data/gnome-calendar-3.38.1/src/core/gcal-timeline.c
Examining data/gnome-calendar-3.38.1/src/css-code.h
Examining data/gnome-calendar-3.38.1/src/gcal-enums.h
Examining data/gnome-calendar-3.38.1/src/gcal-types.h
Examining data/gnome-calendar-3.38.1/src/gconstructor.h
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-calendar-management-dialog.c
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-calendar-management-dialog.h
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-calendar-management-page.c
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-calendar-management-page.h
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-calendars-page.c
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-calendars-page.h
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-edit-calendar-page.c
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-edit-calendar-page.h
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-new-calendar-page.c
Examining data/gnome-calendar-3.38.1/src/gui/calendar-management/gcal-new-calendar-page.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-alarm-row.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-alarm-row.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-application.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-application.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-calendar-popover.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-calendar-popover.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-date-chooser-day.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-date-chooser-day.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-date-chooser.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-date-chooser.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-date-selector.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-date-selector.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-edit-dialog.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-edit-dialog.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-event-widget.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-event-widget.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-multi-choice.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-multi-choice.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-quick-add-popover.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-quick-add-popover.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-time-selector.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-time-selector.h
Examining data/gnome-calendar-3.38.1/src/gui/gcal-window.c
Examining data/gnome-calendar-3.38.1/src/gui/gcal-window.h
Examining data/gnome-calendar-3.38.1/src/main.c
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-button.c
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-button.h
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-engine.c
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-engine.h
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-hit-event.c
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-hit-event.h
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-hit.c
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-hit.h
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-model.c
Examining data/gnome-calendar-3.38.1/src/search/gcal-search-model.h
Examining data/gnome-calendar-3.38.1/src/utils/gcal-date-time-utils.c
Examining data/gnome-calendar-3.38.1/src/utils/gcal-date-time-utils.h
Examining data/gnome-calendar-3.38.1/src/utils/gcal-source-discoverer.c
Examining data/gnome-calendar-3.38.1/src/utils/gcal-source-discoverer.h
Examining data/gnome-calendar-3.38.1/src/utils/gcal-utils.c
Examining data/gnome-calendar-3.38.1/src/utils/gcal-utils.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-month-cell.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-month-cell.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-month-popover.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-month-popover.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-month-view.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-month-view.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-view.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-view.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-week-grid.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-week-grid.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-week-header.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-week-header.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-week-view.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-week-view.h
Examining data/gnome-calendar-3.38.1/src/views/gcal-year-view.c
Examining data/gnome-calendar-3.38.1/src/views/gcal-year-view.h
Examining data/gnome-calendar-3.38.1/src/weather/gcal-weather-info.c
Examining data/gnome-calendar-3.38.1/src/weather/gcal-weather-info.h
Examining data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c
Examining data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.h
Examining data/gnome-calendar-3.38.1/src/weather/gcal-weather-settings.c
Examining data/gnome-calendar-3.38.1/src/weather/gcal-weather-settings.h
Examining data/gnome-calendar-3.38.1/tests/gcal-simple-server.c
Examining data/gnome-calendar-3.38.1/tests/gcal-simple-server.h
Examining data/gnome-calendar-3.38.1/tests/gcal-stub-calendar.c
Examining data/gnome-calendar-3.38.1/tests/gcal-stub-calendar.h
Examining data/gnome-calendar-3.38.1/tests/test-discoverer.c
Examining data/gnome-calendar-3.38.1/tests/test-event.c
Examining data/gnome-calendar-3.38.1/tests/test-range-tree.c
Examining data/gnome-calendar-3.38.1/tests/test-range.c
Examining data/gnome-calendar-3.38.1/tests/test-server.c
FINAL RESULTS:
data/gnome-calendar-3.38.1/src/utils/gcal-utils.c:657:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, buf, sz);
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufpos, str, normalized_size);
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:196:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufpos, night_pfx, night_pfx_size);
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bufpos, sym_pfx, sym_pfx_size);
data/gnome-calendar-3.38.1/src/core/gcal-event.c:176:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
real_tzid += strlen (LIBICAL_TZID_PREFIX);
data/gnome-calendar-3.38.1/src/gconstructor.h:60:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/gnome-calendar-3.38.1/src/gconstructor.h:68:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/gnome-calendar-3.38.1/src/gconstructor.h:80:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/gnome-calendar-3.38.1/src/gconstructor.h:87:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:137:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const gssize suffix1_len = strlen (suffix1);
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:140:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const gssize suffix2_len = strlen (suffix2);
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:145:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen (str);
data/gnome-calendar-3.38.1/src/weather/gcal-weather-service.c:311:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (normalized_name_len == strlen (icons[i].name) &&
data/gnome-calendar-3.38.1/tests/gcal-simple-server.c:62:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GCAL_TEST_SERVER_EMPTY_CALENDAR));
ANALYSIS SUMMARY:
Hits = 14
Lines analyzed = 40925 in approximately 0.80 seconds (51112 lines/second)
Physical Source Lines of Code (SLOC) = 26893
Hits@level = [0] 0 [1] 10 [2] 4 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 14 [1+] 14 [2+] 4 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.520582 [1+] 0.520582 [2+] 0.148738 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.