Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-dictionary-3.26.1/src/gdict-window.h
Examining data/gnome-dictionary-3.26.1/src/gdict-common.h
Examining data/gnome-dictionary-3.26.1/src/gdict-sidebar.h
Examining data/gnome-dictionary-3.26.1/src/gdict-print.h
Examining data/gnome-dictionary-3.26.1/src/main.c
Examining data/gnome-dictionary-3.26.1/src/gdict-print.c
Examining data/gnome-dictionary-3.26.1/src/gdict-about.h
Examining data/gnome-dictionary-3.26.1/src/gdict-app.c
Examining data/gnome-dictionary-3.26.1/src/gdict-about.c
Examining data/gnome-dictionary-3.26.1/src/gdict-sidebar.c
Examining data/gnome-dictionary-3.26.1/src/gdict-pref-dialog.h
Examining data/gnome-dictionary-3.26.1/src/gdict-source-dialog.c
Examining data/gnome-dictionary-3.26.1/src/gdict-pref-dialog.c
Examining data/gnome-dictionary-3.26.1/src/gdict-window.c
Examining data/gnome-dictionary-3.26.1/src/gdict-app.h
Examining data/gnome-dictionary-3.26.1/src/gdict-common.c
Examining data/gnome-dictionary-3.26.1/src/gdict-source-dialog.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-speller.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-context-private.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-context.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-debug.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-source-chooser.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-database-chooser-button.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-context.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-strategy-chooser.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-database-chooser.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-source-loader.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-source-chooser.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-database-chooser.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-source.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-source.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-utils.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-database-chooser-button.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-source-loader.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-private.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-speller.c
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-utils.h
Examining data/gnome-dictionary-3.26.1/libgdict/gdict-strategy-chooser.h
FINAL RESULTS:
data/gnome-dictionary-3.26.1/src/gdict-common.c:57:30: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
retval = g_build_filename (g_get_home_dir (),
data/gnome-dictionary-3.26.1/src/gdict-window.c:828:67: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), g_get_home_dir ());
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1066:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in6 *) &priv->sockaddr)->sin6_addr,
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1071:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in *) &priv->sockaddr)->sin_addr,
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1108:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in *) &(priv->sockaddr))->sin_addr,
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1402:67: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GDICT_NOTE (DICT, "server replied: %d databases found", atoi (p));
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1452:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GDICT_NOTE (DICT, "server replied: %d strategies found", atoi (p));
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1500:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GDICT_NOTE (DICT, "server replied: %d definitions found", atoi (p));
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1502:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
def = _gdict_definition_new (atoi (p));
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1612:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GDICT_NOTE (DICT, "server replied: %d matches found", atoi (p));
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1676:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
possible_status = atoi (status);
data/gnome-dictionary-3.26.1/src/gdict-app.c:329:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *lookup_accels[2] = { "<Primary>l", NULL };
data/gnome-dictionary-3.26.1/src/gdict-app.c:330:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *escape_accels[2] = { "Escape", NULL };
data/gnome-dictionary-3.26.1/src/gdict-source-dialog.c:300:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
"port", atoi (port),
data/gnome-dictionary-3.26.1/src/gdict-source-dialog.c:394:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
"port", atoi (port),
data/gnome-dictionary-3.26.1/libgdict/gdict-client-context.c:1664:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (line) < 3)
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:408:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needle_len = strlen (needle);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:464:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needle_len = strlen (needle);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:508:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_s1 = strlen (normalized_s1);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:509:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_s2 = strlen (normalized_s2);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:649:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (utf8_caselessnmatch (line_text, *lines, strlen (line_text),
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:650:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (*lines)))
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:747:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (utf8_caselessnmatch (line_text, *lines, strlen (line_text),
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:748:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (*lines)))
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:809:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint delimiter_len = strlen (delimiter);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:817:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (new_string, string, len);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2071:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text, strlen (text),
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2090:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen (str);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2114:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen (str);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2155:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint w_len = strlen (w);
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2298:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text, strlen (text),
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2327:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
title, strlen (title),
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2337:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message, strlen (message),
data/gnome-dictionary-3.26.1/libgdict/gdict-defbox.c:2691:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen (retval);
ANALYSIS SUMMARY:
Hits = 34
Lines analyzed = 19445 in approximately 0.46 seconds (42232 lines/second)
Physical Source Lines of Code (SLOC) = 12740
Hits@level = [0] 0 [1] 19 [2] 13 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 34 [1+] 34 [2+] 15 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.66876 [1+] 2.66876 [2+] 1.17739 [3+] 0.156986 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.