Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ibus-1.5.23/src/ibus.h
Examining data/ibus-1.5.23/src/ibusaccelgroup.h
Examining data/ibus-1.5.23/src/ibusattribute.h
Examining data/ibus-1.5.23/src/ibusattrlist.h
Examining data/ibus-1.5.23/src/ibusbus.h
Examining data/ibus-1.5.23/src/ibuscomponent.h
Examining data/ibus-1.5.23/src/ibusconfig.h
Examining data/ibus-1.5.23/src/ibusconfigservice.h
Examining data/ibus-1.5.23/src/ibusdebug.h
Examining data/ibus-1.5.23/src/ibusemoji.h
Examining data/ibus-1.5.23/src/ibusengine.h
Examining data/ibus-1.5.23/src/ibusenginedesc.h
Examining data/ibus-1.5.23/src/ibusenginesimple.h
Examining data/ibus-1.5.23/src/ibuserror.h
Examining data/ibus-1.5.23/src/ibusfactory.h
Examining data/ibus-1.5.23/src/ibushotkey.h
Examining data/ibus-1.5.23/src/ibusinputcontext.h
Examining data/ibus-1.5.23/src/ibuskeymap.h
Examining data/ibus-1.5.23/src/ibuskeys.h
Examining data/ibus-1.5.23/src/ibuskeysyms-compat.h
Examining data/ibus-1.5.23/src/ibuskeysyms.h
Examining data/ibus-1.5.23/src/ibuslookuptable.h
Examining data/ibus-1.5.23/src/ibusobject.h
Examining data/ibus-1.5.23/src/ibusobservedpath.h
Examining data/ibus-1.5.23/src/ibuspanelservice.h
Examining data/ibus-1.5.23/src/ibusproperty.h
Examining data/ibus-1.5.23/src/ibusproplist.h
Examining data/ibus-1.5.23/src/ibusproxy.h
Examining data/ibus-1.5.23/src/ibusregistry.h
Examining data/ibus-1.5.23/src/ibusserializable.h
Examining data/ibus-1.5.23/src/ibusservice.h
Examining data/ibus-1.5.23/src/ibusshare.h
Examining data/ibus-1.5.23/src/ibustext.h
Examining data/ibus-1.5.23/src/ibustypes.h
Examining data/ibus-1.5.23/src/ibusunicode.h
Examining data/ibus-1.5.23/src/ibusutil.h
Examining data/ibus-1.5.23/src/ibusxevent.h
Examining data/ibus-1.5.23/src/ibusxml.h
Examining data/ibus-1.5.23/src/ibusenumtypes.h
Examining data/ibus-1.5.23/src/ibusversion.h
Examining data/ibus-1.5.23/src/gtkimcontextsimpleseqs.h
Examining data/ibus-1.5.23/src/ibuscomposetable.h
Examining data/ibus-1.5.23/src/ibusemojigen.h
Examining data/ibus-1.5.23/src/ibusenginesimpleprivate.h
Examining data/ibus-1.5.23/src/ibusinternal.h
Examining data/ibus-1.5.23/src/ibusunicodegen.h
Examining data/ibus-1.5.23/src/keyname-table.h
Examining data/ibus-1.5.23/src/ibuscomposetable.c
Examining data/ibus-1.5.23/src/ibusenumtypes.c
Examining data/ibus-1.5.23/src/ibusmarshalers.c
Examining data/ibus-1.5.23/src/ibusaccelgroup.c
Examining data/ibus-1.5.23/src/ibusattribute.c
Examining data/ibus-1.5.23/src/ibusattrlist.c
Examining data/ibus-1.5.23/src/ibusbus.c
Examining data/ibus-1.5.23/src/ibuscomponent.c
Examining data/ibus-1.5.23/src/ibusconfig.c
Examining data/ibus-1.5.23/src/ibusconfigservice.c
Examining data/ibus-1.5.23/src/ibusemoji.c
Examining data/ibus-1.5.23/src/ibusengine.c
Examining data/ibus-1.5.23/src/ibusenginedesc.c
Examining data/ibus-1.5.23/src/ibusenginesimple.c
Examining data/ibus-1.5.23/src/ibuserror.c
Examining data/ibus-1.5.23/src/ibusfactory.c
Examining data/ibus-1.5.23/src/ibushotkey.c
Examining data/ibus-1.5.23/src/ibusinputcontext.c
Examining data/ibus-1.5.23/src/ibuskeymap.c
Examining data/ibus-1.5.23/src/ibuskeynames.c
Examining data/ibus-1.5.23/src/ibuskeyuni.c
Examining data/ibus-1.5.23/src/ibuslookuptable.c
Examining data/ibus-1.5.23/src/ibusobject.c
Examining data/ibus-1.5.23/src/ibusobservedpath.c
Examining data/ibus-1.5.23/src/ibusproperty.c
Examining data/ibus-1.5.23/src/ibusproplist.c
Examining data/ibus-1.5.23/src/ibusproxy.c
Examining data/ibus-1.5.23/src/ibusregistry.c
Examining data/ibus-1.5.23/src/ibusserializable.c
Examining data/ibus-1.5.23/src/ibusservice.c
Examining data/ibus-1.5.23/src/ibustext.c
Examining data/ibus-1.5.23/src/ibusunicode.c
Examining data/ibus-1.5.23/src/ibusutil.c
Examining data/ibus-1.5.23/src/ibusxevent.c
Examining data/ibus-1.5.23/src/ibusxml.c
Examining data/ibus-1.5.23/src/emoji-parser.c
Examining data/ibus-1.5.23/src/unicode-parser.c
Examining data/ibus-1.5.23/src/tests/ibus-bus.c
Examining data/ibus-1.5.23/src/tests/ibus-compose.c
Examining data/ibus-1.5.23/src/tests/ibus-config.c
Examining data/ibus-1.5.23/src/tests/ibus-configservice.c
Examining data/ibus-1.5.23/src/tests/ibus-engine-switch.c
Examining data/ibus-1.5.23/src/tests/ibus-factory.c
Examining data/ibus-1.5.23/src/tests/ibus-inputcontext.c
Examining data/ibus-1.5.23/src/tests/ibus-inputcontext-create.c
Examining data/ibus-1.5.23/src/tests/ibus-keynames.c
Examining data/ibus-1.5.23/src/tests/ibus-keypress.c
Examining data/ibus-1.5.23/src/tests/ibus-registry.c
Examining data/ibus-1.5.23/src/tests/ibus-serializable.c
Examining data/ibus-1.5.23/src/tests/ibus-share.c
Examining data/ibus-1.5.23/src/tests/ibus-util.c
Examining data/ibus-1.5.23/src/ibusshare.c
Examining data/ibus-1.5.23/src/ibuspanelservice.c
Examining data/ibus-1.5.23/bindings/vala/candidatearea.c
Examining data/ibus-1.5.23/bindings/vala/emojier.c
Examining data/ibus-1.5.23/bindings/vala/iconwidget.c
Examining data/ibus-1.5.23/bindings/vala/pango.c
Examining data/ibus-1.5.23/bindings/vala/separator.c
Examining data/ibus-1.5.23/util/IMdkit/FrameMgr.h
Examining data/ibus-1.5.23/util/IMdkit/IMdkit.h
Examining data/ibus-1.5.23/util/IMdkit/Xi18n.h
Examining data/ibus-1.5.23/util/IMdkit/Xi18nX.h
Examining data/ibus-1.5.23/util/IMdkit/XimFunc.h
Examining data/ibus-1.5.23/util/IMdkit/XimProto.h
Examining data/ibus-1.5.23/util/IMdkit/Xtrans.h
Examining data/ibus-1.5.23/util/IMdkit/FrameMgr.c
Examining data/ibus-1.5.23/util/IMdkit/i18nAttr.c
Examining data/ibus-1.5.23/util/IMdkit/i18nClbk.c
Examining data/ibus-1.5.23/util/IMdkit/i18nIc.c
Examining data/ibus-1.5.23/util/IMdkit/i18nIMProto.c
Examining data/ibus-1.5.23/util/IMdkit/i18nMethod.c
Examining data/ibus-1.5.23/util/IMdkit/i18nOffsetCache.c
Examining data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c
Examining data/ibus-1.5.23/util/IMdkit/i18nUtil.c
Examining data/ibus-1.5.23/util/IMdkit/i18nX.c
Examining data/ibus-1.5.23/util/IMdkit/IMConn.c
Examining data/ibus-1.5.23/util/IMdkit/IMMethod.c
Examining data/ibus-1.5.23/util/IMdkit/IMValues.c
Examining data/ibus-1.5.23/conf/dconf/main.c
Examining data/ibus-1.5.23/conf/dconf/config.c
Examining data/ibus-1.5.23/conf/dconf/config-private.h
Examining data/ibus-1.5.23/conf/memconf/main.c
Examining data/ibus-1.5.23/conf/memconf/config.c
Examining data/ibus-1.5.23/conf/memconf/config.h
Examining data/ibus-1.5.23/client/gtk2/ibusim.c
Examining data/ibus-1.5.23/client/gtk2/ibusimcontext.c
Examining data/ibus-1.5.23/client/gtk2/ibusimcontext.h
Examining data/ibus-1.5.23/client/gtk3/ibusim.c
Examining data/ibus-1.5.23/client/gtk3/ibusimcontext.c
Examining data/ibus-1.5.23/client/gtk3/ibusimcontext.h
Examining data/ibus-1.5.23/client/x11/gdk-private.h
Examining data/ibus-1.5.23/client/x11/locales.h
Examining data/ibus-1.5.23/client/x11/main.c
Examining data/ibus-1.5.23/client/x11/gdk-private.c
Examining data/ibus-1.5.23/client/wayland/input-method-unstable-v1-client-protocol.h
Examining data/ibus-1.5.23/client/wayland/input-method-unstable-v1-protocol.c
Examining data/ibus-1.5.23/client/wayland/main.c
Examining data/ibus-1.5.23/portal/portal.c
Examining data/ibus-1.5.23/portal/ibus-portal-dbus.c
Examining data/ibus-1.5.23/portal/ibus-portal-dbus.h
Examining data/ibus-1.5.23/engine/main.c
Examining data/ibus-1.5.23/ui/gtk3/application.c
Examining data/ibus-1.5.23/ui/gtk3/bindingcommon.c
Examining data/ibus-1.5.23/ui/gtk3/candidatearea.c
Examining data/ibus-1.5.23/ui/gtk3/candidatepanel.c
Examining data/ibus-1.5.23/ui/gtk3/emojier.c
Examining data/ibus-1.5.23/ui/gtk3/handle.c
Examining data/ibus-1.5.23/ui/gtk3/iconwidget.c
Examining data/ibus-1.5.23/ui/gtk3/indicator.c
Examining data/ibus-1.5.23/ui/gtk3/keybindingmanager.c
Examining data/ibus-1.5.23/ui/gtk3/panel.c
Examining data/ibus-1.5.23/ui/gtk3/pango.c
Examining data/ibus-1.5.23/ui/gtk3/property.c
Examining data/ibus-1.5.23/ui/gtk3/propertypanel.c
Examining data/ibus-1.5.23/ui/gtk3/separator.c
Examining data/ibus-1.5.23/ui/gtk3/switcher.c
Examining data/ibus-1.5.23/ui/gtk3/xkblayout.c
Examining data/ibus-1.5.23/ui/gtk3/extension.c
Examining data/ibus-1.5.23/ui/gtk3/panelbinding.c
Examining data/ibus-1.5.23/ui/gtk3/emojierapp.c
Examining data/ibus-1.5.23/ui/gtk3/gen-notification-item.xml.c
Examining data/ibus-1.5.23/ui/gtk3/gen-notification-watcher.xml.c
Examining data/ibus-1.5.23/ui/gtk3/ibusemojidialog.h
Examining data/ibus-1.5.23/tools/main.c
Examining data/ibus-1.5.23/bus/component.c
Examining data/ibus-1.5.23/bus/component.h
Examining data/ibus-1.5.23/bus/dbusimpl.c
Examining data/ibus-1.5.23/bus/dbusimpl.h
Examining data/ibus-1.5.23/bus/ibusimpl.c
Examining data/ibus-1.5.23/bus/ibusimpl.h
Examining data/ibus-1.5.23/bus/inputcontext.c
Examining data/ibus-1.5.23/bus/inputcontext.h
Examining data/ibus-1.5.23/bus/engineproxy.c
Examining data/ibus-1.5.23/bus/engineproxy.h
Examining data/ibus-1.5.23/bus/panelproxy.c
Examining data/ibus-1.5.23/bus/panelproxy.h
Examining data/ibus-1.5.23/bus/factoryproxy.c
Examining data/ibus-1.5.23/bus/factoryproxy.h
Examining data/ibus-1.5.23/bus/global.c
Examining data/ibus-1.5.23/bus/global.h
Examining data/ibus-1.5.23/bus/server.c
Examining data/ibus-1.5.23/bus/server.h
Examining data/ibus-1.5.23/bus/connection.c
Examining data/ibus-1.5.23/bus/connection.h
Examining data/ibus-1.5.23/bus/matchrule.c
Examining data/ibus-1.5.23/bus/matchrule.h
Examining data/ibus-1.5.23/bus/marshalers.c
Examining data/ibus-1.5.23/bus/marshalers.h
Examining data/ibus-1.5.23/bus/types.h
Examining data/ibus-1.5.23/bus/main.c
Examining data/ibus-1.5.23/bus/test-matchrule.c
Examining data/ibus-1.5.23/bus/test-client.c
Examining data/ibus-1.5.23/bus/test-client.h
Examining data/ibus-1.5.23/bus/test-stress.c

FINAL RESULTS:

data/ibus-1.5.23/bus/server.c:66:17: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results.
  Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    r = readlink (proclnk, filename, MAXSIZE);
data/ibus-1.5.23/bus/server.c:80:5: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execv (exe, g_argv);
data/ibus-1.5.23/bus/server.c:88:9: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execv (exe, g_argv);
data/ibus-1.5.23/src/emoji-parser.c:801:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (head, shortname + 1);
data/ibus-1.5.23/src/ibusaccelgroup.c:477:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_release);
data/ibus-1.5.23/src/ibusaccelgroup.c:481:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_primary);
data/ibus-1.5.23/src/ibusaccelgroup.c:487:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_shift);
data/ibus-1.5.23/src/ibusaccelgroup.c:491:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_control);
data/ibus-1.5.23/src/ibusaccelgroup.c:495:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_mod1);
data/ibus-1.5.23/src/ibusaccelgroup.c:499:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_mod2);
data/ibus-1.5.23/src/ibusaccelgroup.c:503:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_mod3);
data/ibus-1.5.23/src/ibusaccelgroup.c:507:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_mod4);
data/ibus-1.5.23/src/ibusaccelgroup.c:511:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_mod5);
data/ibus-1.5.23/src/ibusaccelgroup.c:515:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_meta);
data/ibus-1.5.23/src/ibusaccelgroup.c:519:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_hyper);
data/ibus-1.5.23/src/ibusaccelgroup.c:523:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, text_super);
data/ibus-1.5.23/src/ibusaccelgroup.c:526:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (accelerator + l, keyval_name);
data/ibus-1.5.23/util/IMdkit/i18nIc.c:542:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(attr_ret[n].name, xic_attr[j].name);
data/ibus-1.5.23/util/IMdkit/i18nIc.c:563:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(attr_ret[n].name, xic_attr[j].name);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:169:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy ((*p_encoding)->supported_encodings[i],
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:194:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (address->im_locale, p->value);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:206:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(address->im_addr, p->value);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:218:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (address->im_name, p->value);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:344:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (p->value, address->im_locale);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:352:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (p->value, address->im_addr);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:362:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (p->value, address->im_name);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:50:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, msg);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:392:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (ext_list[i].name, im_ext[i].name);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:410:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy (ext_list[n].name, im_ext[i].name);
data/ibus-1.5.23/bus/test-stress.c:92:23: [3] (random) g_rand_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    if(count>0 || g_rand_int_range (rnd, 0, 5) == 0) {
data/ibus-1.5.23/bus/test-stress.c:95:25: [3] (random) g_rand_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    count = g_rand_int_range (rnd, 0, MAX_RANDOM_SPACE) + 1;
data/ibus-1.5.23/bus/test-stress.c:104:22: [3] (random) g_rand_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    keysym = g_rand_int_range (rnd, 0, 'z'-'a'+1) + 'a';
data/ibus-1.5.23/client/x11/main.c:1176:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long (argc, argv, "v:n:l:k:a",
data/ibus-1.5.23/engine/main.c:232:11: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    _tmp3_ = g_get_home_dir ();
data/ibus-1.5.23/src/ibusenginesimple.c:1782:16: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    home = g_get_home_dir ();
data/ibus-1.5.23/src/ibusobservedpath.c:224:32: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    const gchar *homedir = g_get_home_dir ();
data/ibus-1.5.23/ui/gtk3/xkblayout.c:1142:11: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    _tmp0_ = g_get_home_dir ();
data/ibus-1.5.23/bus/main.c:161:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    open("/dev/null",O_RDWR);
data/ibus-1.5.23/bus/server.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char proclnk[MAXSIZE];
data/ibus-1.5.23/bus/server.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char filename[MAXSIZE];
data/ibus-1.5.23/client/x11/main.c:1184:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    g_debug_level = atoi (optarg);
data/ibus-1.5.23/client/x11/main.c:1209:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    g_debug_level = atoi (optarg);
data/ibus-1.5.23/src/ibuscomposetable.c:763:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (retval->data, data, data_length * sizeof (guint16));
data/ibus-1.5.23/src/ibuscomposetable.c:797:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (retval->priv->data_first,
data/ibus-1.5.23/src/ibuscomposetable.c:816:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (retval->priv->data_second,
data/ibus-1.5.23/src/ibusenginedesc.c:743:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    desc->priv->rank = atoi (sub_node->text);
data/ibus-1.5.23/src/ibusenginesimple.c:906:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (combination_buffer_temp,
data/ibus-1.5.23/src/ibusenginesimple.c:916:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (combination_buffer,
data/ibus-1.5.23/src/ibusobservedpath.c:372:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    hash = atol (attr[1]);
data/ibus-1.5.23/src/ibusobservedpath.c:412:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    path->mtime = atol (attr[1]);
data/ibus-1.5.23/src/ibusregistry.c:450:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, (gchar *) &intval, 4);
data/ibus-1.5.23/src/ibusregistry.c:454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, (gchar *) &intval, 4);
data/ibus-1.5.23/src/ibusshare.c:265:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    pf = fopen (ibus_get_socket_path (), "r");
data/ibus-1.5.23/src/ibusshare.c:290:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pid = atoi(p + sizeof ("IBUS_DAEMON_PID=") - 1);
data/ibus-1.5.23/src/ibusshare.c:342:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    pf = fopen (socket_path, "w");
data/ibus-1.5.23/src/ibusutil.c:179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char first[8] = { 0 };
data/ibus-1.5.23/src/ibusxml.c:200:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *pf = fopen (filename, "r");
data/ibus-1.5.23/tools/main.c:2099:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (dup, self, sizeof (CommandEntry));
data/ibus-1.5.23/ui/gtk3/panel.c:2923:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    major1 = atoi (_tmp7_);
data/ibus-1.5.23/ui/gtk3/panel.c:2927:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    minor1 = atoi (_tmp9_);
data/ibus-1.5.23/ui/gtk3/panel.c:2931:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    micro1 = atoi (_tmp11_);
data/ibus-1.5.23/ui/gtk3/panel.c:2935:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    major2 = atoi (_tmp13_);
data/ibus-1.5.23/ui/gtk3/panel.c:2939:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    minor2 = atoi (_tmp15_);
data/ibus-1.5.23/ui/gtk3/panel.c:2943:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    micro2 = atoi (_tmp17_);
data/ibus-1.5.23/util/IMdkit/FrameMgr.c:466:13: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    bcopy (*(char **) data, fm->area + fm->idx, info.num);
data/ibus-1.5.23/util/IMdkit/Xtrans.h:144:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char addr[XTRANS_MAX_ADDR_LEN];
data/ibus-1.5.23/util/IMdkit/i18nIc.c:109:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((char *) *value_buf)[base_length] = (char) 0;
data/ibus-1.5.23/util/IMdkit/i18nIc.c:704:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((char *)attrib_list[attrib_num].value)[value_length] = '\0';
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:597:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:701:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[4096];
data/ibus-1.5.23/util/IMdkit/i18nX.c:194:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, prop + (offset % 4), length);
data/ibus-1.5.23/util/IMdkit/i18nX.c:282:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (atomName,
data/ibus-1.5.23/util/IMdkit/i18nX.c:308:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char atomName[16];
data/ibus-1.5.23/util/IMdkit/i18nX.c:351:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buffer[XCM_DATA_LIMIT];
data/ibus-1.5.23/bindings/vala/candidatearea.c:615:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp26_ = strlen (_tmp25_);
data/ibus-1.5.23/bindings/vala/candidatearea.c:639:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp44_ = strlen (_tmp43_);
data/ibus-1.5.23/bindings/vala/emojier.c:1161:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp14_ = strlen (_tmp13_);
data/ibus-1.5.23/bindings/vala/emojier.c:1168:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp17_ = strlen (_tmp16_);
data/ibus-1.5.23/bindings/vala/emojier.c:1810:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp1_ = strlen (self);
data/ibus-1.5.23/bindings/vala/emojier.c:2333:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp5_ = strlen (_tmp4_);
data/ibus-1.5.23/bindings/vala/emojier.c:2340:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/bindings/vala/emojier.c:2402:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp7_ = strlen (_tmp6_);
data/ibus-1.5.23/bindings/vala/emojier.c:2409:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp10_ = strlen (_tmp9_);
data/ibus-1.5.23/bindings/vala/emojier.c:4345:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (annotation);
data/ibus-1.5.23/bindings/vala/emojier.c:4378:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp6_ = strlen (_tmp5_);
data/ibus-1.5.23/bindings/vala/emojier.c:4687:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp3_ = strlen (_tmp2_);
data/ibus-1.5.23/bindings/vala/emojier.c:4699:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp7_ = strlen (_tmp6_);
data/ibus-1.5.23/bindings/vala/emojier.c:6305:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp6_ = strlen (_tmp5_);
data/ibus-1.5.23/bindings/vala/emojier.c:6936:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp1_ = strlen (annotation);
data/ibus-1.5.23/bindings/vala/emojier.c:8413:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/bindings/vala/emojier.c:8438:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp14_ = strlen (_tmp13_);
data/ibus-1.5.23/bindings/vala/emojier.c:8525:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/bindings/vala/emojier.c:8550:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp14_ = strlen (_tmp13_);
data/ibus-1.5.23/bus/server.c:87:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    exe [strlen (exe) - sizeof (suffix) + 1] = '\0';
data/ibus-1.5.23/bus/server.c:214:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gchar *sub2 = g_strdup (p + strlen (variable)); \
data/ibus-1.5.23/bus/server.c:262:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unix_dir = g_strdup (socket_address + strlen (prefix)); \
data/ibus-1.5.23/client/gtk2/ibusimcontext.c:1389:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_return_if_fail (strlen (text) >= len);
data/ibus-1.5.23/client/gtk3/ibusimcontext.c:1389:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_return_if_fail (strlen (text) >= len);
data/ibus-1.5.23/client/x11/main.c:255:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text.length = strlen ((char*)tp.value);
data/ibus-1.5.23/src/emoji-parser.c:374:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (value[0] == '[' && value[strlen(value) - 1] == ']') {
data/ibus-1.5.23/src/emoji-parser.c:377:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data->emoji = g_strndup (value + 1, strlen(value) - 2);
data/ibus-1.5.23/src/emoji-parser.c:566:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag_length = strlen (EMOJI_VERSION_TAG);
data/ibus-1.5.23/src/emoji-parser.c:567:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (line) > tag_length &&
data/ibus-1.5.23/src/emoji-parser.c:572:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag_length = strlen (EMOJI_GROUP_TAG);
data/ibus-1.5.23/src/emoji-parser.c:573:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (line) > tag_length &&
data/ibus-1.5.23/src/emoji-parser.c:580:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag_length = strlen (EMOJI_SUBGROUP_TAG);
data/ibus-1.5.23/src/emoji-parser.c:581:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (line) > tag_length &&
data/ibus-1.5.23/src/emoji-parser.c:595:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag_length = strlen (EMOJI_NON_FULLY_QUALIFIED_TAG);
data/ibus-1.5.23/src/emoji-parser.c:799:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen (shortname);
data/ibus-1.5.23/src/ibusaccelgroup.c:303:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (accelerator);
data/ibus-1.5.23/src/ibusaccelgroup.c:463:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l += strlen (keyval_name);
data/ibus-1.5.23/src/ibusenginesimple.c:389:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (priv->tentative_emoji);
data/ibus-1.5.23/src/ibusenginesimple.c:515:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = strlen (keys->data);
data/ibus-1.5.23/src/ibusenginesimple.c:1817:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (*sys_lang)) == 0) {
data/ibus-1.5.23/src/ibusobservedpath.c:501:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    file += strlen (path);
data/ibus-1.5.23/src/ibusxml.c:272:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = g_markup_parse_context_parse (context, buffer, strlen (buffer), &error);
data/ibus-1.5.23/src/unicode-parser.c:125:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (line) > 4 && strncmp (line, "@@@", 3) == 0) {
data/ibus-1.5.23/src/unicode-parser.c:128:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (NAMES_LIST_SUBJECT)) == 0) {
data/ibus-1.5.23/src/unicode-parser.c:130:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    g_strdup (elements[1] + strlen (NAMES_LIST_SUBJECT) + 1);
data/ibus-1.5.23/src/unicode-parser.c:217:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (line) > strlen (BLOCKS_SUBJECT) &&
data/ibus-1.5.23/src/unicode-parser.c:217:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (line) > strlen (BLOCKS_SUBJECT) &&
data/ibus-1.5.23/src/unicode-parser.c:218:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncmp (line, BLOCKS_SUBJECT, strlen (BLOCKS_SUBJECT)) == 0) {
data/ibus-1.5.23/src/unicode-parser.c:219:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unicode_version = g_strdup (line + strlen (BLOCKS_SUBJECT) + 1);
data/ibus-1.5.23/ui/gtk3/candidatearea.c:615:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp26_ = strlen (_tmp25_);
data/ibus-1.5.23/ui/gtk3/candidatearea.c:639:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp44_ = strlen (_tmp43_);
data/ibus-1.5.23/ui/gtk3/candidatepanel.c:555:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp16_ = strlen (_tmp15_);
data/ibus-1.5.23/ui/gtk3/candidatepanel.c:587:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp3_ = strlen (_tmp2_);
data/ibus-1.5.23/ui/gtk3/emojier.c:1161:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp14_ = strlen (_tmp13_);
data/ibus-1.5.23/ui/gtk3/emojier.c:1168:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp17_ = strlen (_tmp16_);
data/ibus-1.5.23/ui/gtk3/emojier.c:1810:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp1_ = strlen (self);
data/ibus-1.5.23/ui/gtk3/emojier.c:2333:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp5_ = strlen (_tmp4_);
data/ibus-1.5.23/ui/gtk3/emojier.c:2340:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/ui/gtk3/emojier.c:2402:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp7_ = strlen (_tmp6_);
data/ibus-1.5.23/ui/gtk3/emojier.c:2409:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp10_ = strlen (_tmp9_);
data/ibus-1.5.23/ui/gtk3/emojier.c:4345:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (annotation);
data/ibus-1.5.23/ui/gtk3/emojier.c:4378:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp6_ = strlen (_tmp5_);
data/ibus-1.5.23/ui/gtk3/emojier.c:4687:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp3_ = strlen (_tmp2_);
data/ibus-1.5.23/ui/gtk3/emojier.c:4699:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp7_ = strlen (_tmp6_);
data/ibus-1.5.23/ui/gtk3/emojier.c:6305:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp6_ = strlen (_tmp5_);
data/ibus-1.5.23/ui/gtk3/emojier.c:6936:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp1_ = strlen (annotation);
data/ibus-1.5.23/ui/gtk3/emojier.c:8413:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/ui/gtk3/emojier.c:8438:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp14_ = strlen (_tmp13_);
data/ibus-1.5.23/ui/gtk3/emojier.c:8525:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/ui/gtk3/emojier.c:8550:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp14_ = strlen (_tmp13_);
data/ibus-1.5.23/ui/gtk3/panel.c:3922:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp2_ = strlen (symbol);
data/ibus-1.5.23/ui/gtk3/panel.c:5394:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (self);
data/ibus-1.5.23/ui/gtk3/panel.c:5548:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp27_ = strlen (_tmp26_);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:502:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (text);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:586:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (self);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:655:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp4_ = strlen (_tmp3_);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:688:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp17_ = strlen (_tmp16_);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:718:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp4_ = strlen (_tmp3_);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:943:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp5_ = strlen (_tmp4_);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:978:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (extension_name);
data/ibus-1.5.23/ui/gtk3/panelbinding.c:2257:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp8_ = strlen (_tmp7_);
data/ibus-1.5.23/ui/gtk3/switcher.c:1214:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (self);
data/ibus-1.5.23/ui/gtk3/switcher.c:1313:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp13_ = strlen (_tmp12_);
data/ibus-1.5.23/ui/gtk3/switcher.c:1473:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp10_ = strlen (_tmp9_);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:266:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp0_ = strlen (self);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:485:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp27_ = strlen (_tmp26_);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:488:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp30_ = strlen (_tmp29_);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:529:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp44_ = strlen (_tmp43_);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:532:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp47_ = strlen (_tmp46_);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:573:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp61_ = strlen (_tmp60_);
data/ibus-1.5.23/ui/gtk3/xkblayout.c:576:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _tmp64_ = strlen (_tmp63_);
data/ibus-1.5.23/util/IMdkit/i18nAttr.c:119:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p->length = strlen (attr->name);
data/ibus-1.5.23/util/IMdkit/i18nAttr.c:171:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ext_list->length = strlen(ext_list->name);
data/ibus-1.5.23/util/IMdkit/i18nIc.c:108:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy ((char *) (*value_buf), base_name, base_length);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:168:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    = (char *) malloc (strlen (p->supported_encodings[i]) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:190:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    address->im_locale = (char *) malloc (strlen (p->value) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:202:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    address->im_addr = (char *) malloc (strlen (p->value) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:214:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    address->im_name = (char *) malloc (strlen (p->value) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:340:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p->value = (char *) malloc (strlen (address->im_locale) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:348:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p->value = (char *) malloc (strlen (address->im_addr) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:358:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p->value = (char *) malloc (strlen (address->im_name) + 1);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:725:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (buf));
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:956:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str_length = strlen (call_data->commit_string);
data/ibus-1.5.23/util/IMdkit/i18nMethod.c:988:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str_length = strlen (call_data->commit_string);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:184:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy (imopen->lang.name, name, str_length);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:215:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str_size = strlen (i18n_core->address.xim_attr[i].name);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:224:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str_size = strlen (i18n_core->address.xic_attr[i].name);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:465:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy (query_ext->extension[number].name, name, str_length);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:504:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str_size = strlen (ext_list[i].name);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:1450:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy (enc_nego->encoding[i].name, name, str_length);
data/ibus-1.5.23/util/IMdkit/i18nPtHdr.c:1475:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy (enc_nego->encodinginfo[i].name, name, str_length);

ANALYSIS SUMMARY:

Hits = 186
Lines analyzed = 155582 in approximately 3.28 seconds (47372 lines/second)
Physical Source Lines of Code (SLOC) = 125490
Hits@level = [0] 32 [1] 111 [2] 38 [3] 8 [4] 28 [5] 1
Hits@level+ = [0+] 218 [1+] 186 [2+] 75 [3+] 37 [4+] 29 [5+] 1
Hits/KSLOC@level+ = [0+] 1.73719 [1+] 1.48219 [2+] 0.597657 [3+] 0.294844 [4+] 0.231094 [5+] 0.00796876
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.