Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-disk-utility-3.38.0/src/disk-image-mounter/main.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduapplication.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduapplication.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduatasmartdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduatasmartdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreateconfirmpage.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreateconfirmpage.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatefilesystempage.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatefilesystempage.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreateformatdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreateformatdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreateotherpage.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreateotherpage.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatepartitionpage.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatepartitionpage.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatepasswordpage.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducreatepasswordpage.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdudevicetreemodel.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdudevicetreemodel.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdudisksettingsdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdudisksettingsdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdudvdsupport.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdudvdsupport.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduenums.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduestimator.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduestimator.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdufilesystemdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdufilesystemdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduformatdiskdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduformatdiskdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdulocaljob.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdulocaljob.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdunewdiskimagedialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdunewdiskimagedialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdupartitiondialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdupartitiondialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdupasswordstrengthwidget.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdupasswordstrengthwidget.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduresizedialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduresizedialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdurestorediskimagedialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gdurestorediskimagedialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gdutypes.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduunlockdialog.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduunlockdialog.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduvolumegrid.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduvolumegrid.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduwindow.h
Examining data/gnome-disk-utility-3.38.0/src/disks/gduxzdecompressor.c
Examining data/gnome-disk-utility-3.38.0/src/disks/gduxzdecompressor.h
Examining data/gnome-disk-utility-3.38.0/src/disks/main.c
Examining data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c
Examining data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.h
Examining data/gnome-disk-utility-3.38.0/src/libgdu/libgdu.h
Examining data/gnome-disk-utility-3.38.0/src/libgdu/libgduenums.h
Examining data/gnome-disk-utility-3.38.0/src/libgdu/libgdutypes.h
Examining data/gnome-disk-utility-3.38.0/src/notify/gdusdmanager.c
Examining data/gnome-disk-utility-3.38.0/src/notify/gdusdmanager.h
Examining data/gnome-disk-utility-3.38.0/src/notify/gdusdmonitor.c
Examining data/gnome-disk-utility-3.38.0/src/notify/gdusdmonitor.h
Examining data/gnome-disk-utility-3.38.0/src/notify/main.c

FINAL RESULTS:

data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c:1395:26:  [3] (random) g_rand_double_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      offset = (guint64) g_rand_double_range (rand, 0, (gdouble) disk_size);
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:230:10:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  home = g_get_home_dir ();
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:1149:17:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
      homedir = g_get_home_dir ();
data/gnome-disk-utility-3.38.0/src/disk-image-mounter/main.c:196:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open (filename, opt_writable ? O_RDWR : O_RDONLY);
data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c:661:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open (device_file, O_RDONLY);
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:782:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open (filename, O_RDWR);
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:784:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open (filename, O_RDONLY);
data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c:768:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (id == NULL || strlen (id) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c:1254:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (read (fd, buffer, page_size) != page_size)
data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c:1279:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      num_read = read (fd, buffer, data->bm_sample_size_mib*1024*1024);
data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c:1317:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          if (read (fd, buffer, page_size) != page_size)
data/gnome-disk-utility-3.38.0/src/disks/gdubenchmarkdialog.c:1409:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      num_read = read (fd, buffer, page_size);
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:113:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (passphrase) > 0 && strlen (confirm_passphrase) > 0 && g_strcmp0 (passphrase, confirm_passphrase) != 0)
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:113:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (passphrase) > 0 && strlen (confirm_passphrase) > 0 && g_strcmp0 (passphrase, confirm_passphrase) != 0)
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:122:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (existing_passphrase) > 0 && strlen (passphrase) > 0 && g_strcmp0 (passphrase, existing_passphrase) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:122:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (existing_passphrase) > 0 && strlen (passphrase) > 0 && g_strcmp0 (passphrase, existing_passphrase) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:132:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (existing_passphrase) > 0 && strlen (passphrase) > 0 &&
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:132:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (existing_passphrase) > 0 && strlen (passphrase) > 0 &&
data/gnome-disk-utility-3.38.0/src/disks/gduchangepassphrasedialog.c:163:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen (passphrase_path) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gducreateconfirmpage.c:116:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (s != NULL && strlen(s) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c:215:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (gtk_entry_get_text (GTK_ENTRY (data->name_entry))) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c:248:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove (device_name, device_name + 5, strlen (device_name) - 5 + 1);
data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c:264:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (fslabel != NULL && strlen (fslabel) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c:563:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      num_bytes_read = read (fd, buffer, size);
data/gnome-disk-utility-3.38.0/src/disks/gducreatediskimagedialog.c:1121:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen (gtk_entry_get_text (GTK_ENTRY (data->name_entry))) - 4);
data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c:107:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (ui_passphrase_contents) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c:125:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if (strlen (ui_passphrase_contents) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c:127:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen (passphrase_path) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c:134:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen (passphrase_path) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c:290:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  if (strlen (path) > 0 && !g_str_has_prefix (path, "/dev"))
data/gnome-disk-utility-3.38.0/src/disks/gducrypttabdialog.c:304:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen (ui_passphrase_contents) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gdudvdsupport.c:464:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          num_bytes_read = read (fd, cur_buffer, num_to_read_in_range);
data/gnome-disk-utility-3.38.0/src/disks/gduformatdiskdialog.c:355:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (erase_type) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c:109:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (ui_fsname) == 0 ||
data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c:110:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen (ui_dir) == 0 ||
data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c:111:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen (ui_type) == 0 ||
data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c:112:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen (ui_opts) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c:268:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (uuid != NULL && strlen (uuid) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gdufstabdialog.c:279:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (label != NULL && strlen (label) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gdunewdiskimagedialog.c:121:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen (gtk_entry_get_text (GTK_ENTRY (data->name_entry))) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gdunewdiskimagedialog.c:412:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen (gtk_entry_get_text (GTK_ENTRY (data->name_entry))) - 4);
data/gnome-disk-utility-3.38.0/src/disks/gduunlockdialog.c:217:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (text_pim && strlen (text_pim) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gduvolumegrid.c:1665:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (label) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduvolumegrid.c:1675:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (label) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduvolumegrid.c:1694:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (name) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:1504:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (markup == NULL || strlen (markup) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:2083:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (drive_vendor) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:2085:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen (drive_model) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:2089:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (drive_revision) > 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:2102:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (serial == NULL || strlen (serial) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:2998:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (name == NULL || strlen (name) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:3118:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (name == NULL || strlen (name) == 0)
data/gnome-disk-utility-3.38.0/src/disks/gduwindow.c:4143:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      UDisksObject *object = udisks_client_peek_object (window->client, uri + strlen ("x-udisks://"));
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:49:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen (passphrase_path) > 0 &&
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:96:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (folder == NULL || strlen (folder) == 0)
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:233:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t home_len = strlen (home);
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:270:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                *out_value = g_strdup (options[n] + strlen (option));
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:300:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen (text) > 0 ? "," : "",
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:387:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen (ui_escaped) > 0)
data/gnome-disk-utility-3.38.0/src/libgdu/gduutils.c:1153:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          ret = g_strdup_printf ("~/%s", ret + strlen (homedir) + 1);

ANALYSIS SUMMARY:

Hits = 60
Lines analyzed = 26211 in approximately 0.59 seconds (44672 lines/second)
Physical Source Lines of Code (SLOC) = 20455
Hits@level = [0]   3 [1]  53 [2]   4 [3]   3 [4]   0 [5]   0
Hits@level+ = [0+]  63 [1+]  60 [2+]   7 [3+]   3 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.07993 [1+] 2.93327 [2+] 0.342215 [3+] 0.146663 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.