stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnome-twitch-0.4.1/include/gnome-twitch/gt-log.h
Examining data/gnome-twitch-0.4.1/include/gnome-twitch/gt-player-backend.h
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-gstreamer-cairo/gt-player-backend-gstreamer-cairo.c
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-gstreamer-cairo/gt-player-backend-gstreamer-cairo.h
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-gstreamer-clutter/gt-player-backend-gstreamer-clutter.c
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-gstreamer-clutter/gt-player-backend-gstreamer-clutter.h
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-gstreamer-opengl/gt-player-backend-gstreamer-opengl.c
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-gstreamer-opengl/gt-player-backend-gstreamer-opengl.h
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-mpv-opengl/gt-player-backend-mpv-opengl.c
Examining data/gnome-twitch-0.4.1/player-backends/player-backend-mpv-opengl/gt-player-backend-mpv-opengl.h
Examining data/gnome-twitch-0.4.1/src/gt-app.c
Examining data/gnome-twitch-0.4.1/src/gt-app.h
Examining data/gnome-twitch-0.4.1/src/gt-browse-header-bar.c
Examining data/gnome-twitch-0.4.1/src/gt-browse-header-bar.h
Examining data/gnome-twitch-0.4.1/src/gt-channel-container-view.c
Examining data/gnome-twitch-0.4.1/src/gt-channel-container-view.h
Examining data/gnome-twitch-0.4.1/src/gt-channel.c
Examining data/gnome-twitch-0.4.1/src/gt-channel.h
Examining data/gnome-twitch-0.4.1/src/gt-channels-container-child.c
Examining data/gnome-twitch-0.4.1/src/gt-channels-container-child.h
Examining data/gnome-twitch-0.4.1/src/gt-chat.c
Examining data/gnome-twitch-0.4.1/src/gt-chat.h
Examining data/gnome-twitch-0.4.1/src/gt-container-view.c
Examining data/gnome-twitch-0.4.1/src/gt-container-view.h
Examining data/gnome-twitch-0.4.1/src/gt-enums.c
Examining data/gnome-twitch-0.4.1/src/gt-enums.h
Examining data/gnome-twitch-0.4.1/src/gt-followed-channel-container.c
Examining data/gnome-twitch-0.4.1/src/gt-followed-channel-container.h
Examining data/gnome-twitch-0.4.1/src/gt-followed-container-view.c
Examining data/gnome-twitch-0.4.1/src/gt-followed-container-view.h
Examining data/gnome-twitch-0.4.1/src/gt-follows-manager.c
Examining data/gnome-twitch-0.4.1/src/gt-follows-manager.h
Examining data/gnome-twitch-0.4.1/src/gt-game-channel-container.c
Examining data/gnome-twitch-0.4.1/src/gt-game-channel-container.h
Examining data/gnome-twitch-0.4.1/src/gt-game-container-view.c
Examining data/gnome-twitch-0.4.1/src/gt-game-container-view.h
Examining data/gnome-twitch-0.4.1/src/gt-game.c
Examining data/gnome-twitch-0.4.1/src/gt-game.h
Examining data/gnome-twitch-0.4.1/src/gt-games-container-child.c
Examining data/gnome-twitch-0.4.1/src/gt-games-container-child.h
Examining data/gnome-twitch-0.4.1/src/gt-irc.c
Examining data/gnome-twitch-0.4.1/src/gt-irc.h
Examining data/gnome-twitch-0.4.1/src/gt-item-container.c
Examining data/gnome-twitch-0.4.1/src/gt-item-container.h
Examining data/gnome-twitch-0.4.1/src/gt-player-backend.c
Examining data/gnome-twitch-0.4.1/src/gt-player-header-bar.c
Examining data/gnome-twitch-0.4.1/src/gt-player-header-bar.h
Examining data/gnome-twitch-0.4.1/src/gt-player.c
Examining data/gnome-twitch-0.4.1/src/gt-player.h
Examining data/gnome-twitch-0.4.1/src/gt-resource-downloader.c
Examining data/gnome-twitch-0.4.1/src/gt-resource-downloader.h
Examining data/gnome-twitch-0.4.1/src/gt-search-channel-container.c
Examining data/gnome-twitch-0.4.1/src/gt-search-channel-container.h
Examining data/gnome-twitch-0.4.1/src/gt-search-game-container.c
Examining data/gnome-twitch-0.4.1/src/gt-search-game-container.h
Examining data/gnome-twitch-0.4.1/src/gt-settings-dlg.c
Examining data/gnome-twitch-0.4.1/src/gt-settings-dlg.h
Examining data/gnome-twitch-0.4.1/src/gt-top-channel-container.c
Examining data/gnome-twitch-0.4.1/src/gt-top-channel-container.h
Examining data/gnome-twitch-0.4.1/src/gt-top-game-container.c
Examining data/gnome-twitch-0.4.1/src/gt-top-game-container.h
Examining data/gnome-twitch-0.4.1/src/gt-twitch-channel-info-dlg.c
Examining data/gnome-twitch-0.4.1/src/gt-twitch-channel-info-dlg.h
Examining data/gnome-twitch-0.4.1/src/gt-twitch-login-dlg.c
Examining data/gnome-twitch-0.4.1/src/gt-twitch-login-dlg.h
Examining data/gnome-twitch-0.4.1/src/gt-twitch.h
Examining data/gnome-twitch-0.4.1/src/gt-win.c
Examining data/gnome-twitch-0.4.1/src/gt-win.h
Examining data/gnome-twitch-0.4.1/src/main.c
Examining data/gnome-twitch-0.4.1/src/utils.c
Examining data/gnome-twitch-0.4.1/src/utils.h
Examining data/gnome-twitch-0.4.1/src/gt-twitch.c

FINAL RESULTS:

data/gnome-twitch-0.4.1/src/gt-irc.c:912:55:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        gchar* _nick = g_strdup_printf("justinfan%d", g_random_int_range(1, 9999999));
data/gnome-twitch-0.4.1/src/gt-irc.c:1090:11:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    pos = g_random_int() % g_list_length(servers);
data/gnome-twitch-0.4.1/src/gt-twitch.c:627:35:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        token->token, token->sig, g_random_int_range(0, 999999));
data/gnome-twitch-0.4.1/src/gt-irc.c:458:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (atoi(utils_search_key_value_strv(msg->tags, "subscriber")))
data/gnome-twitch-0.4.1/src/gt-irc.c:460:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (atoi(utils_search_key_value_strv(msg->tags, "turbo")))
data/gnome-twitch-0.4.1/src/gt-irc.c:527:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                id = atoi(strsep(&e, ":"));
data/gnome-twitch-0.4.1/src/gt-irc.c:534:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    emp->start = atoi(strsep(&i, "-"));
data/gnome-twitch-0.4.1/src/gt-irc.c:535:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    emp->end = atoi(strsep(&i, "-"));
data/gnome-twitch-0.4.1/src/gt-twitch.c:432:41:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    stream->bandwidth = atol(*(split+1));
data/gnome-twitch-0.4.1/src/gt-twitch.c:438:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    stream->width = atoi(*res);
data/gnome-twitch-0.4.1/src/gt-twitch.c:439:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    stream->height = atoi(*(res+1));
data/gnome-twitch-0.4.1/src/gt-twitch.c:2494:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            emote->set = atoi(*c);
data/gnome-twitch-0.4.1/src/gt-chat.c:145:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(text) == 0 || text[strlen(text) - 1] == ' ')
data/gnome-twitch-0.4.1/src/gt-chat.c:145:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(text) == 0 || text[strlen(text) - 1] == ' ')
data/gnome-twitch-0.4.1/src/gt-chat.c:288:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!privmsg->colour || strlen(privmsg->colour) < 1)
data/gnome-twitch-0.4.1/src/gt-irc.c:448:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                line[strlen(line) - 1] = '\0';
data/gnome-twitch-0.4.1/src/gt-irc.c:712:70:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    for (gchar* line = g_data_input_stream_read_line(data->istream, &read, NULL, &err); !err;
data/gnome-twitch-0.4.1/src/gt-irc.c:713:63:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         line = g_data_input_stream_read_line(data->istream, &read, NULL, &err))
data/gnome-twitch-0.4.1/src/gt-twitch-channel-info-dlg.c:323:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (panel->link && strlen(panel->link) > 0)
data/gnome-twitch-0.4.1/src/gt-twitch-channel-info-dlg.c:347:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (panel->title && strlen(panel->title) > 0)
data/gnome-twitch-0.4.1/src/gt-twitch-login-dlg.c:160:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (uri == NULL || strlen(uri) == 0) return FALSE;
data/gnome-twitch-0.4.1/src/gt-twitch.c:420:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(*l, STREAM_INFO, strlen(STREAM_INFO)) == 0)
data/gnome-twitch-0.4.1/src/gt-twitch.c:452:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    quality[strlen(quality) - 1] = '\0';
data/gnome-twitch-0.4.1/src/utils.c:224:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return !(str && strlen(str) > 0);

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 18493 in approximately 0.50 seconds (36800 lines/second)
Physical Source Lines of Code (SLOC) = 13206
Hits@level = [0]   3 [1]  12 [2]   9 [3]   3 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  24 [2+]  12 [3+]   3 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.04453 [1+] 1.81736 [2+] 0.908678 [3+] 0.227169 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.